clawproxy

Public webhook ingress for private OpenClaw nodes

The purpose-built alternative to ngrok and Cloudflare Tunnels

Webhooks for private nodes.

Accept webhook traffic from the public internet, store it durably, and deliver it to your OpenClaw node instantly over WebSocket — or via authenticated outbound pull. No public node exposure required.

Get started See how it works

Built for OpenClawDurable deliveryPrivate-node friendlyngrok alternative

Live flow

From provider to private node

Healthy

GitHub / Stripe / Slack

Webhook hits your public clawproxy route.

Ingress accepted

Validated and saved safely until delivery to your node.

Live push or pull

Event is pushed instantly over WebSocket, or fetched by the node on its next poll.

Ack complete

Processed events are acknowledged and marked delivered.

Mode

Push + Pull

Storage

Safe until delivery

Ideal for

NAT + LAN

Never miss a webhook

Inbound events are persisted before delivery, so temporary downtime or sleeping nodes do not turn into dropped requests.

Keep your node private

clawproxy is designed for deployments behind NAT, residential routers, and private LANs that can only make outbound connections.

Live WebSocket delivery

OpenClaw nodes can open a persistent WebSocket connection and receive events the instant they arrive — no polling delay. HTTP pull is always available as a fallback.

Built for operators

Manage routes, inspect recent traffic, debug failures, and understand delivery state from one lightweight dashboard.

Coming from ngrok or Cloudflare Tunnels?

Purpose-built for webhook delivery — not general tunneling.

ngrok and Cloudflare Tunnels are excellent general-purpose tools, but clawproxy is laser-focused on one job: durable webhook ingress and private node delivery without keeping a tunnel daemon running.

No tunnel dependency

clawproxy runs as a standalone service. Your node connects outbound — no tunnel daemon to keep alive on the receiving end.

Events survive restarts

Unlike tunnels that drop in-flight traffic when the process exits, clawproxy persists every event until it is acknowledged delivered.

No vendor lock-in

No third-party relay in the webhook path, no usage-based pricing, and no rate limits imposed by a vendor.

How it works

Keep the webhook path public and the node private.

clawproxy is deliberately focused: it receives inbound webhook traffic on the public internet and hands it off to private OpenClaw nodes through authenticated outbound requests.

Expose a public route

Create a route in clawproxy and point GitHub, Stripe, Slack, or any provider at the generated URL.

Queue every inbound event

Each request is validated, accepted, and stored durably before your private node ever touches it.

Deliver in real-time or on demand

Your OpenClaw node receives events instantly over a persistent WebSocket connection, or falls back to authenticated HTTP polling — whichever fits your setup.

System overview

Webhook events travel from the public internet to your private node — without exposing a single port.

Provider

Public internet

GitHub
Stripe
Slack
Any webhook service

webhook POST

clawproxy

Public cloud

Accepts & validates
Saves events until delivery
Manages delivery state

outbound pullevents + ack

outbound pull / events

OpenClaw node

Your private network

🔒 Never exposed

Polls for new events
Processes locally
Acknowledges delivery

Your node always initiates the connection outbound — no open ports or firewall rules required.

Ready to route inbound events?

Public ingress on one side. Secure outbound delivery on the other.

Built for the very common reality that your software can call out, but should not be exposed directly to the internet.

clawproxy.io

Open dashboard Learn about OpenClaw