Connect OpenClaw to WhatsApp, Telegram and Slack: Channel Setup Guide

Connect OpenClaw to WhatsApp, Telegram and Slack: Channel Setup Guide

Welcome to Episode 3 of the OpenClaw Mastery series. As we covered in our previous guide (Episode 1: What Is OpenClaw?) and the install walkthrough (Episode 2: How to Install OpenClaw), you should now have OpenClaw running and ready to integrate with messaging platforms. This episode walks you through connecting OpenClaw to WhatsApp (official and community bridges), Telegram (BotFather), Slack (app + OAuth), Discord (bot token), and Signal (signal-cli/community bridges).

Photo by Vlada Karpovich on Pexels | Source

Before you start: tools, access and safety

• Tools you’ll use: Meta WhatsApp Cloud API or WhatsApp Business API provider, whatsapp-web.js or Baileys for community bridges, Telegram Bot API via BotFather, Slack API + OAuth (Bolt or Web API SDKs), Discord Developer Portal, and signal-cli for Signal integrations.
• Accounts and permissions: You need developer access to each platform (Business Manager for WhatsApp, a Telegram account, Slack workspace admin or app install permissions, Discord developer account, and a mobile number for Signal).
• Pricing and versions (Feb 27, 2026): WhatsApp Cloud API is offered by Meta on a pay-per-message basis (region-dependent rates—check Meta Business pricing). Telegram, Discord, and Signal use free developer APIs; Slack API access is available on the free tier but some workspace features require paid plans. For SDKs, always use the latest stable releases from their repos and check their changelogs before production deployment.

WhatsApp: Official Cloud API vs community bridges

There are two common approaches to get OpenClaw talking to WhatsApp:

1. Official: WhatsApp Cloud API (Meta)

Step-by-step:

1. Create a Meta Business account and verify your business.
2. Create an app in Meta for Developers and enable the WhatsApp product.
3. Add a phone number (or use a WhatsApp Business number) and obtain a permanent access token or app access token.
4. Configure your OpenClaw webhook URL in the app: set Verify Token and Webhook URL for message delivery.
5. Use the Cloud API to send messages and templates (approved template messages are required for outbound messages to users who haven't opted in).

Permissions needed:

• Business verification in Meta Business Manager.
• Access to the WhatsApp product in your Meta app.
• Template message approval for proactive messages.

Tips for best experience:

• Use message templates for notifications and session messages for replies within 24 hours.
• Persist webhook verification tokens and rotate your tokens securely.
• Use media URLs hosted on HTTPS endpoints.

Troubleshooting:

• Webhook validation failures: ensure your verify token matches and your endpoint returns HTTP 200 for GET verification.
• Authentication errors: tokens may expire—rotate tokens as recommended by Meta and check scopes.
• Template rejects: templates must match WhatsApp policies; double-check placeholders and language.

1. Community bridges (whatsapp-web.js, Baileys, etc.)

Step-by-step:

1. Choose a maintained library (e.g., whatsapp-web.js or Baileys) and install it on the OpenClaw host.
2. Pair with a WhatsApp account via QR code; persist session credentials on disk or a secure store.
3. Implement a message adapter between the library events and OpenClaw’s webhook/API.

Permissions and cautions:

• These libraries emulate WhatsApp Web and are not officially supported by Meta—risk of account bans for high-volume or rule-violating usage.
• Use a non-critical phone number and monitor for rate limits.

Troubleshooting:

• QR pairing fails: remove stored sessions and re-pair; ensure Node.js and dependencies are up to date.
• Disconnections: add automatic reconnection and session persistence to avoid frequent QR re-pairing.

Photo by cottonbro studio on Pexels | Source

Telegram: BotFather and webhooks

Telegram integration is straightforward and developer-friendly.

Step-by-step:

1. Open Telegram and message @BotFather. Use /newbot to create a bot and follow prompts (name, username).
2. BotFather returns a Bot Token (keep it secret). Optionally set a description and bot profile.
3. Choose webhook mode (recommended in production) or long polling. For webhook:
   • Expose an HTTPS endpoint and call setWebhook with your bot token and URL.
   • Optionally upload a self-signed certificate if not using a CA-signed cert.
4. Map incoming updates to OpenClaw intents and respond via sendMessage, sendPhoto, etc.

Permissions needed:

• No special verification for most bots; some Bot API features may require bot admin rights in groups.

Tips for best experience:

• Use webhooks for lower latency and reliability. Host webhooks behind a reverse proxy (nginx) and monitor.
• Respect Telegram’s message limits and use media groups for multiple images.

Troubleshooting:

• Webhook HTTPS errors: ensure your certificate chain is valid and your endpoint responds within Telegram’s timeout (~10 seconds).
• Invalid token: regenerate with BotFather if token leaks.

Slack: App creation, scopes and OAuth

Slack integration gives you workspace-grade control but requires proper OAuth and permission scopes.

Step-by-step:

1. In api.slack.com/apps create a new app and pick a workspace to develop in.
2. Add features: OAuth & Permissions, Bot Token Scopes, and optionally Event Subscriptions.
3. Under OAuth & Permissions, add scopes like chat:write, channels:read, im:write, users:read as required.
4. Configure Redirect URLs and install the app to your workspace to obtain OAuth tokens (bot token and installation record).
5. Use Events API or socket mode to receive messages and call chat.postMessage to send responses.

Permissions needed:

• Admin consent may be required for certain scopes or for installing into other workspaces.
• If using Enterprise Grid, coordinate with your workspace owner.

Tips for best experience:

• Use socket mode when webhooks are blocked or you want to avoid public endpoints.
• Implement adaptive card-like attachments and blocks to enrich conversational UI.

Troubleshooting:

• 403/invalid_auth: check token type (user vs bot) and scopes. Reinstall the app if permissions changed.
• Rate limiting: honor HTTP 429 and back off; use concurrency limits.

Photo by Markus Winkler on Pexels | Source

Discord: Bot token, intents and permissions

Discord is ideal for community-focused bots and supports rich interactions.

Step-by-step:

1. Go to the Discord Developer Portal, create an application, and add a Bot.
2. Copy the Bot token (store securely) and configure intents: enable privileged intents like MESSAGE_CONTENT if you need message content.
3. Create an invite URL with the scopes bot and applications.commands, and set permissions (message send, embed links, read messages).
4. Use discord.js or a similar SDK to connect, register slash commands, and forward events to OpenClaw.

Permissions needed:

• Bot invites require the correct OAuth2 scopes and a permissions integer matching capabilities.
• MESSAGE_CONTENT is privileged and may require verification for larger bots.

Tips for best experience:

• Use slash commands for predictable UX and lower abuse.
• Cache guild and user info to reduce API calls.

Troubleshooting:

• Intents not working: ensure they’re enabled both in the Developer Portal and in your client code.
• Token invalid: regenerate tokens and restart the bot; never commit tokens to source control.

Signal: signal-cli and bridging

Signal’s official ecosystem is privacy-first; integrations typically use signal-cli or self-hosted bridges.

Step-by-step (signal-cli):

1. Install signal-cli on your server and register a phone number (you’ll get an SMS/voice verification code).
2. Link or create a profile and export credentials for programmatic use.
3. Use signal-cli to send and receive messages; build an adapter to translate messages between signal-cli and OpenClaw.

Permissions and cautions:

• You must own the phone number you register. Signal enforces strong privacy, so automated mass messaging is discouraged.

Tips for best experience:

• Run signal-cli as a dedicated user and persist credentials securely.
• Use retries and local queues for unstable networks.

Troubleshooting:

• Registration failures: ensure the number is not already registered elsewhere and that you handle verification SMS/voice.
• Message delivery issues: check signal-cli logs and network connectivity; Signal may throttle suspicious behavior.

Best practices across all channels

• Webhooks & HTTPS: Always use HTTPS for webhooks. Use valid CA-signed certs or platform-supported workarounds.
• Idempotency: Deduplicate incoming webhooks to avoid double-processing.
• Rate limits & retries: Implement exponential backoff and queues for outbound requests.
• Logging & monitoring: Capture delivery receipts, error codes, and user-level failures to a centralized log.
• Security: Store tokens in secrets managers (Vault, AWS Secrets Manager) and rotate them periodically.

Common cross-platform troubleshooting checklist

• Token or credential invalid: check token expiry, scopes, and whether the app was reinstalled.
• Webhook unreachable: firewall, port, DNS, or certificate issues—test with curl and ngrok locally.
• Missing permissions: inspect platform logs and re-request scopes; for Slack and Meta, reinstallation may be required.
• Message format errors: verify JSON payloads match API schemas and media URLs are accessible over HTTPS.

Wrap-up

Connecting OpenClaw to messaging channels unlocks real-world reach. As you integrate, keep privacy, rate limits, and platform policies front-of-mind. If you followed Episode 1 and Episode 2, you already have the runtime and environment ready—now it's about mapping each platform’s model to OpenClaw’s adapter layer and building robust error handling.

Next up in this series (Episode 4): Orchestration & multi-channel routing—how to keep state and sessions consistent across platforms.

Frequently Asked Questions

Do I need a paid plan to connect OpenClaw to WhatsApp?

You need a verified Meta Business account and to follow WhatsApp Cloud API billing, which is pay-per-message and varies by region. Using community bridges may avoid direct API costs but carries risk of account limitations.

Should I use webhooks or polling for Telegram and Slack?

Webhooks are recommended for production due to lower latency and resource usage. Use long polling only for simple development setups or where a public HTTPS endpoint isn't available.

How do I keep tokens and credentials secure?

Store tokens in a secrets manager (e.g., Vault, AWS Secrets Manager), rotate them regularly, and never commit credentials to source control. Use environment-based access controls for runtime services.

What is the best way to handle rate limits?

Implement graceful retries with exponential backoff, queue outbound messages, and monitor platform-specific rate-limit headers or error responses to adapt throughput.