Service Signup & Login with OpenClaw

Overview

An OpenClaw agent with the Ravi plugin can sign up for any web service, receive verification codes via SMS or email, store credentials securely, and log back in later — all without human intervention. No shared personal accounts, no credential leaks, no manual copy-pasting of OTPs.

This page shows the complete patterns using Ravi’s agent tools inside OpenClaw. For the equivalent CLI-based workflow, see Service Signup & Login.

---

The full signup flow

Here’s what happens when an OpenClaw agent signs up for a new service:

Agent needs to use a service
  → Get own email + phone from Ravi identity
  → Generate a strong password
  → Fill the signup form (browser or API)
  → Receive verification via SMS or email
  → Complete verification
  → Store credentials in encrypted vault
  → Ready to use the service

Step 1: Get identity details

The agent retrieves its own email and phone number. These are real, working addresses — not aliases of the owner’s personal accounts.

# The agent calls these tools automatically
info = ravi_get_info()
# Returns: { email: "agent@in.ravi.app", phone: "+15551234567" }

Step 2: Generate and store credentials

Create a password entry before signing up. This auto-generates a strong password and stores it encrypted in the vault immediately — so the password is never lost even if signup fails partway through.

creds = ravi_passwords_create(
    domain="example.com",
    username=info.email
)
# Returns: { uuid: "...", domain: "example.com", username: "agent@in.ravi.app", password: "xK9#mP2..." }

Step 3: Fill the signup form

The agent fills the form using browser automation or API calls — whatever the service supports.

# Using OpenClaw's browser tool
browser.navigate("https://example.com/signup")
browser.fill("#email", info.email)
browser.fill("#password", creds.password)
browser.fill("#phone", info.phone)
browser.click("#submit")

Step 4: Receive and enter verification

SMS verification:

# Poll for the SMS OTP (delivery takes 2-10 seconds)
sms_inbox = ravi_inbox_sms(unread=True)
conversation = ravi_read_sms(conversation_id=sms_inbox[0].conversation_id)
# Extract the code from the message body
code = extract_digits(conversation.messages[-1].body)  # e.g. "Your code is 847291" → "847291"

Email verification:

# Poll for verification email
email_inbox = ravi_inbox_email(unread=True)
thread = ravi_read_email(thread_id=email_inbox[0].thread_id)
# Extract verification link or code from the email
link = extract_url(thread.messages[-1].text_content)

The agent enters the code in the form or visits the verification link, completing signup.

---

Logging into an existing service

# 1. Find stored credentials
passwords = ravi_passwords_list()
# Find the entry for this domain
entry = next(p for p in passwords if p.domain == "example.com")

# 2. Get the decrypted password
creds = ravi_passwords_get(uuid=entry.uuid)

# 3. Log in
browser.navigate("https://example.com/login")
browser.fill("#email", creds.username)
browser.fill("#password", creds.password)
browser.click("#login")

Handling 2FA on login

If the service requires 2FA after entering credentials:

# Trigger 2FA (click "Send code" or similar)
browser.click("#send-2fa-code")

# Wait for SMS
sms_inbox = ravi_inbox_sms(unread=True)
conversation = ravi_read_sms(conversation_id=sms_inbox[0].conversation_id)
code = extract_digits(conversation.messages[-1].body)

# Enter 2FA code
browser.fill("#2fa-code", code)
browser.click("#verify")

---

Storing API keys and tokens

After signing up, services often provide API keys or tokens. Store these in the encrypted secrets vault (separate from website credentials):

# Store an API key
ravi_secrets_set(
    key="EXAMPLE_API_KEY",
    value="sk-abc123...",
    notes="API key for example.com, created 2026-03-14"
)

# Retrieve it later
secret = ravi_secrets_get(key="EXAMPLE_API_KEY")
# Use secret.value in API calls

---

Real-world example: signing up for GitHub

Here’s a concrete example of an OpenClaw agent creating a GitHub account:

1. ravi_get_info() → get email and phone
2. ravi_passwords_create(domain="github.com") → generate password
3. Browser: navigate to github.com/signup
4. Browser: fill email, password, username
5. ravi_inbox_email(unread=True) → poll for verification email
6. ravi_read_email(thread_id=...) → extract verification code
7. Browser: enter code to complete signup
8. Browser: navigate to settings/tokens → create a PAT
9. ravi_secrets_set(key="GITHUB_PAT", value="ghp_...") → store the token

The entire flow is autonomous. The agent has its own GitHub account with its own email, its own credentials in an encrypted vault, and its own API token stored securely. No human credentials were shared or exposed.

---

Best practices

Store credentials immediately. Create the password entry during signup, not after. If the browser crashes mid-signup, you still have the password.

Poll, don’t sleep. SMS and email delivery takes 2–10 seconds. Use a retry loop with ravi_inbox_sms(unread=True) or ravi_inbox_email(unread=True) instead of a fixed delay.

Use the identity name for forms. When a form asks for a name, use the Ravi identity name (from ravi_identity_list), not the account owner’s personal name.

Separate passwords from secrets. Website credentials (domain + username + password) go in ravi_passwords_*. API keys, tokens, and env vars go in ravi_secrets_*.

One identity per agent. Each agent should have its own Ravi identity with its own email, phone, and vault. Don’t share identities across agents.

---

Next steps

• Human Approval in OpenClaw — adding human-in-the-loop gates for high-stakes actions
• Real-World Scenarios — software evaluation, price monitoring, travel booking
• Identities — how Ravi provisions email, phone, and encryption per identity