The first thing every new OpenClaw user wants to do is connect the agent to the outside world. The thing they actually want, even if they don't say it, is a repeatable pattern that works on any API — not a bespoke tutorial for YouTube transcripts that won't transfer to CoinGecko. The channel's answer is the 6-step process: find the docs, get the key, store in .env, teach the agent, test, save as skill. YouTube transcripts are the canonical worked example because YouTube actively blocks bot transcript access, so the value of "using the API" is visible immediately, but the steps transfer verbatim to any HTTP API with an auth header.

This article walks through all six steps against the YouTube transcript API, names the failure modes the channel flagged in the transcript ("first try fails and people give up"), and ends with the two non-obvious rules: the agent hallucinates results about 5% of the time, and .env is the only path the agent will leave secrets on. Both rules carry into every other article in this course.

What you'll learn

  • The 6-step process is: (1) find the API documentation, (2) get an API key from the service, (3) store the key in ~/.openclaw/.env (never in chat), (4) paste the docs to the agent and tell it to read up, (5) test with a real example video ID, (6) ask the agent to save the integration as a skill.
  • YouTube transcripts are the canonical example because YouTube blocks bot transcript scraping — the only authorized path is the API. The same bot-detection failure mode exists for Twitter/X, CoinGecko (paid tier), LinkedIn, and Instagram, which is why "use the API" generalizes to "bypass anti-bot measures with authorized access."
  • The agent's reliability is roughly 75% works first try / 20% needs a correction / 5% needs a retry — this is normal. Persistence is the load-bearing skill. The host's framing in the transcript: "I think the reason why a lot of people are not good at AI is because the first try fails and then they give up."
  • The agent will sometimes hallucinate API calls (claim it called the API but didn't) — the cure is asking it to show you the request it actually made, or starting a fresh session.
  • The agent will also sometimes try to web-scrape when the API is the right tool — the cure is explicit redirection: "No, don't scrape the website. Use the [Service] API. The key is in ENV_VAR_NAME."
  • Saving the integration as a skill (make this a skill so you can use it automatically in the future) is what makes the integration survive the nightly context wipe. Without a skill, the working integration is gone by morning.

The 6-step process, mapped to the YouTube transcript example

The video is short and the structure is rigid on purpose. Every API on the internet fits the same six boxes. The numbered steps below are the channel's walkthrough, with the YouTube Transcripts API as the example — substitute the service name and you have a working template for any other integration.

Step 1 — Find the API documentation

Search for "[service name] API documentation" and look for four things:

  • Getting Started guide — usually the canonical first page
  • Authentication method — typically a bearer token in the Authorization header
  • Endpoint documentation — the URL, method, request shape, response shape
  • Code examples — the canonical request body, in JSON or form-encoded

For the worked example, the channel uses youtubetranscript.io — a free service that exposes an authorized path to YouTube's transcript data. The docs page lists POST https://api.youtubetranscript.io/v1/transcript as the endpoint, with a JSON request body of {"video_id": "VIDEO_ID_HERE", "format": "text"} and the token in Authorization: Bearer YOUR_API_KEY.

The channel's framing is that you don't actually have to understand any of this — your agent does. "Your bot is trained to read API documentation, understand technical specifications, implement API calls, handle authentication." Your job is to find the URL and hand it over.

Step 2 — Get the API key

Sign up for the service, navigate to the dashboard or developer portal, generate an API key, and copy it. Three locations to check in order:

  • Account Settings → API Keys
  • Developer Portal → Applications
  • Dashboard → API Access

The transcript note is the load-bearing one: copy the key immediately. Many services show it once and never again. If you lose it, you regenerate and the old one dies.

For YouTube Transcripts, the token looks like yt_live_abc123def456... and lives in the user dashboard after signup. Treat it like a password — it's the only thing standing between an attacker and your account.

Step 3 — Store the API key in .env

This is the step that gets glossed over in most "API integration" tutorials, and it's the step the channel spends disproportionate time on. The reason is in Course 9: Security & Best Practices, but the integration-specific version is:

nano ~/.openclaw/.env

Add the key in KEY=value format:

YOUTUBE_TRANSCRIPT_API_KEY=yt_live_your_token_here

Save with Ctrl+X, Y, Enter. Set permissions: chmod 600 ~/.openclaw/.env. Add .env to .gitignore if the project is in a repo.

The non-obvious rule from the channel: AI models are trained not to reveal environment variable contents. The bot won't echo the value back at you in chat, won't paste it into a Notion page it writes for you, and won't include it in a debugging log. That's the security property .env has that "remember this token" in chat doesn't. The corollary: if you ever paste the token directly in chat ("here's the API key, please use it"), the bot may use it once and then forget — and you've lost the persistence that .env gives you. See §8.3 for the full discipline.

Step 4 — Teach the agent the API

This is the step that turns "I added an API key" into "the agent can call the API." Paste the docs into chat and tell the agent what to do with them. The canonical prompt from the video:

Hey, I want you to learn how to use the YouTube Transcript API.

Here's the API documentation:
https://youtubetranscript.io/docs

The API endpoint is:
POST https://api.youtubetranscript.io/v1/transcript

Request format:
{
  "video_id": "VIDEO_ID_HERE",
  "format": "text"
}

Headers:
Authorization: Bearer YOUR_API_KEY

I've stored the API key in the environment variable YOUTUBE_TRANSCRIPT_API_KEY.

Please:
1. Read up on this API documentation
2. Make a skill to fetch transcripts
3. Test it by getting the transcript for video ID "dQw4w9WgXcQ"
4. Save the skill for future use

The structure is deliberate: paste the docs URL, paste the endpoint and request shape, name the env var (don't paste the value — it's in .env), and tell the agent the four concrete next steps. The "read the docs" step is non-negotiable — without it, the agent is guessing at the schema, and the 75/20/5 reliability split drops sharply.

The host's framing for why this works at all: "your agent can read and understand technical documentation better than most humans." That's the bet the whole 6-step process is making — the LLM is the API client, you are the API-key-and-docs delivery service.

Step 5 — Test with a real example

Ask the agent to fetch something concrete:

Can you get the transcript for this YouTube video?
https://youtube.com/watch?v=xcKBDXO4LLE

The agent extracts the video ID, makes the API call, returns the transcript. Verify the result — read a few sentences, confirm they match what's in the video. If the agent returns "API returned 401 Unauthorized," the key isn't loaded — check the env var name and the .env file location. If the agent returns the transcript with garbled timestamps, the format parameter is wrong — re-read step 1's docs.

The test step is also where you catch the hallucination failure mode. The agent will sometimes claim success without actually calling the API — it will invent a plausible-looking transcript and return it as if it had fetched it. The cure is two questions in order:

Can you show me the API request you actually made?
Can you double-check that you called the API? Show me the response headers.

If the agent can't produce the request, it didn't make one. Start a fresh session and try again. This is the 5% of the 75/20/5 split, and it's normal — the fix is "verify, don't trust."

Step 6 — Save as a skill

The integration works in chat. The integration doesn't survive the nightly context wipe. Closing the loop:

Please save this YouTube transcript integration as a skill named "fetch_youtube_transcript" so you can use it automatically in future conversations.

The agent writes a skill file to ~/.openclaw/skills/fetch_youtube_transcript.md (or the equivalent in your install). After this, "get the transcript for this video" just works — no docs-pasting, no endpoint re-specification. The skill survives the wipe, the env var survives the wipe, and you've got a permanent integration. See §8.5 for what a saved skill looks like under the hood.

The full process, condensed for any API

The 6-step structure is rigid by design. Any HTTP API with a bearer token fits the same boxes:

  1. Find the API — search "[service] API docs," check for a free tier, note rate limits
  2. Get credentials — sign up, generate a key, copy it once
  3. Store in .envSERVICE_NAME_API_KEY=value, chmod 600
  4. Share with the agent — paste docs URL + endpoint shape + env var name, ask for a skill
  5. Test with a real example — verify the response matches reality
  6. Save as skill — name it, tell the agent to make it permanent

Three concrete variants the channel works through:

  • Twitter/X: docs at developer.twitter.com, same 6-step process. The bot-detection bypass is the whole point.
  • CoinGecko: docs at coingecko.com/api/documentation. Free tier works for spot prices; the demo in the channel is "fetch the current Bitcoin price."
  • OpenWeather: docs at openweathermap.org/api. Demo is "get the weather for New York."

The only step that genuinely changes between services is Step 1 — the docs URL and the auth scheme. Everything else is the same prompt template.

The 75/20/5 split — and why you keep going

The channel's realism on agent reliability is worth quoting:

  • 75% of the time: works perfectly
  • 20% of the time: minor errors, needs a correction
  • 5% of the time: complete failure, needs a retry

This is the working assumption behind "persist through errors." The 20% is mostly small things — wrong format parameter, wrong header name, missed query string. The 5% is "the agent pretended to call the API" or "the agent tried to scrape instead of using the API."

Four specific failure modes the channel names:

  • Agent hallucinates results. Symptom: claims to have fetched data but didn't actually call the API. Cure: "show me the request," or start a new session.
  • API returns 401. Symptom: "unauthorized." Cure: verify the key is in .env, restart openclaw gateway restart, check if the key expired.
  • Agent uses web scraping instead of the API. Symptom: a 403 Forbidden or a Cloudflare block page in the agent's output. Cure: explicit redirection — "use the [Service] API, the key is in ENV_VAR_NAME."
  • Cloudflare or bot detection. Symptom: "Access denied" or a CAPTCHA page. Cure: this is exactly why the API exists. Tell the agent to stop scraping and use the authorized endpoint.

The host's framing for why people give up: "I think the reason why a lot of people are not good at AI is because the first try fails and then they give up." The 6-step process is set up so the cost of retrying is low — same prompt, same env var, just nudge the agent and try again.

Try it yourself

The hands-on goal: add a working YouTube transcript integration to your agent, end-to-end, with a saved skill.

  1. Sign up at youtubetranscript.io. Create a free account, verify your email, copy the API token from the dashboard (it starts with yt_live_).
  2. Edit ~/.openclaw/.env. Add YOUTUBE_TRANSCRIPT_API_KEY=<your_token_here>. chmod 600 the file. Verify with cat ~/.openclaw/.env | grep YOUTUBE.
  3. Open a chat session with your agent. Send the step-4 prompt from this article — docs URL, endpoint shape, env var name, the four concrete next steps.
  4. Watch the agent read the docs. If your agent skips the read and jumps to implementation, stop it and re-send step 1 of the prompt. Reading the docs is the load-bearing step.
  5. Test with the canonical example video (dQw4w9WgXcQ is the one in the channel's prompt). Confirm the transcript matches the video content.
  6. Catch the hallucination failure mode. Before trusting the result, ask: "show me the request you actually made." If the agent can't produce the curl/HTTP request, it didn't actually call the API — start a fresh session.
  7. Catch the scrape-instead-of-API failure mode. If the response includes "Access denied" or a Cloudflare page, the agent is scraping. Redirect: "stop scraping, use the YOUTUBE_TRANSCRIPT_API_KEY environment variable."
  8. Save as a skill. Once the transcript comes back clean, send: "save this as a skill named fetch_youtube_transcript." Verify the file appears in ~/.openclaw/skills/.
  9. Test the skill in a new session. Open a fresh chat, send "get the transcript for xcKBDXO4LLE and summarize it in 5 bullets." The agent should auto-invoke the skill without you mentioning it.
  10. Audit the .env discipline. Run git status (if the project is in a repo) — .env must be in .gitignore. Grep your recent chat history — no API keys should appear. This is §8.3's audit; do it now while the integration is fresh.

Common pitfalls

  • Pasting the API key directly in chat. "Here's my token: yt_live_abc..." defeats the entire .env discipline. The model is trained to forget chat history on context reset, and you can't .gitignore Discord. Always store in .env.
  • Skipping the "read the docs" step. Without the docs, the agent is guessing at the schema. The 75/20/5 split drops to roughly 30/40/30. The docs URL is the most important thing in the step-4 prompt.
  • Trusting the agent's first response without verification. The 5% hallucination failure is real. Always ask "show me the request you actually made" before trusting a fetched result.
  • Letting the agent web-scrape when the API is the right tool. If the response includes a 403 or a Cloudflare block page, the agent is scraping, not API-calling. Redirect explicitly: "use the [Service] API, the env var is X."
  • Stopping after the first failure. The host's framing is direct: "the first try fails and people give up." Try 2–3 times with the same approach, rephrase the prompt if needed, start a fresh session to clear context. Don't quit at the 5%.
  • Not testing the saved skill in a new session. A skill that works in the same session it was created in might not work the next morning. Open a fresh chat and verify it auto-invokes — that's the actual proof of persistence.
  • Committing .env to Git. Even once. Even by accident. The channel's guidance is unambiguous — chmod 600 and .gitignore from day one. If you commit a secret, consider it compromised and rotate immediately.
  • Reusing one integration key across multiple projects. Use a separate key per project (or at least per environment). A leaked key in one repo shouldn't take down your other integrations.
  • Skipping the rate-limit conversation. Most APIs have a quota. Tell the agent: "the [Service] API has a rate limit of N per hour; warn me when you're approaching it." Otherwise the integration will mysteriously fail when you need it most.

Sources

  • OpenClaw + API Guide (Step-by-Step) — few thousand views · video_id: 2YPV2OmPZyo · the spine of the article. The 6-step process is sourced verbatim from the transcript walkthrough. The 75/20/5 reliability split, the "first try fails, people give up" framing, and the four failure-mode cures (hallucination, 401, scrape-instead-of-API, Cloudflare) are all from this video.
  • OpenClaw + API Integration Guide (Step-by-Step)video_id: not-listed (cross-reference to archived Course 21, full version used as source) · the broader walkthrough the same 6-step process. Adds the "Why Use APIs?" framing (bypassing bot blocks on Twitter/X, CoinGecko, YouTube, LinkedIn) and the canonical "Real-World Example: Content Creator Workflow" that chains three APIs in sequence.
  • Best Practices and "AI models are trained not to reveal env vars" — cross-referenced from Course 9: Security & Best Practices §9.1. The .env discipline in step 3 is anchored in the wider security course; this article covers the integration-specific case.
  • Skills-as-step-6 anchorvideo_id: obET69yycFc (cross-listed to §8.5). The "save as a skill so you can use it automatically in the future" prompt is the handoff into the §8.5 article.