Install
Quick setup
- Install the plugin (above).
- In Synology Chat integrations:
- Create an incoming webhook and copy its URL.
- Create an outgoing webhook with your secret token.
- Point the outgoing webhook URL to your OpenClaw Gateway:
https://gateway-host/webhook/synologyby default.- Or your custom
channels.synology-chat.webhookPath.
- Finish setup in OpenClaw. Synology Chat appears in the same channel setup list in both flows:
- Guided:
openclaw onboardoropenclaw channels add - Direct:
openclaw channels add --channel synology-chat --token <token> --url <incoming-webhook-url>
- Guided:
- Restart the Gateway and send a DM to the Synology Chat bot.
- OpenClaw accepts the outgoing webhook token from
body.token, then?token=..., then headers. - Accepted header forms:
x-synology-tokenx-webhook-tokenx-openclaw-tokenAuthorization: Bearer <token>
- Empty or missing tokens fail closed.
- Payloads may be
application/x-www-form-urlencodedorapplication/json;token,user_id, andtextare required.
Environment variables
For the default account, you can use env vars:SYNOLOGY_CHAT_TOKENSYNOLOGY_CHAT_INCOMING_URLSYNOLOGY_NAS_HOSTSYNOLOGY_ALLOWED_USER_IDS(comma-separated)SYNOLOGY_RATE_LIMITOPENCLAW_BOT_NAME
SYNOLOGY_CHAT_INCOMING_URL and SYNOLOGY_NAS_HOST cannot be set from a workspace .env; see Workspace .env files.
DM policy and access control
- Supported
dmPolicyvalues:allowlist(default),open, anddisabled. Synology Chat has no pairing flow; approve senders by adding their numeric Synology user IDs toallowedUserIds. allowedUserIdsaccepts a list (or comma-separated string) of Synology user IDs.- In
allowlistmode, an emptyallowedUserIdslist is treated as misconfiguration and the webhook route will not start. dmPolicy: "open"allows public DMs only whenallowedUserIdsincludes"*"; with restrictive entries, only matching users can chat.openwith an emptyallowedUserIdslist also refuses to start the route.dmPolicy: "disabled"blocks DMs.- Reply recipient binding stays on stable numeric
user_idby default.channels.synology-chat.dangerouslyAllowNameMatching: trueis break-glass compatibility mode that re-enables mutable username/nickname lookup for reply delivery.
Outbound delivery
Use numeric Synology Chat user IDs as targets. Thesynology-chat:, synology_chat:, and synology: prefixes are accepted.
Examples:
http or https, and private or otherwise blocked network targets are rejected before OpenClaw forwards the URL to the NAS webhook.
Multi-account
Multiple Synology Chat accounts are supported underchannels.synology-chat.accounts.
Each account can override token, incoming URL, webhook path, DM policy, and limits.
Direct-message sessions are isolated per account and user, so the same numeric user_id
on two different Synology accounts does not share transcript state.
Give each enabled account a distinct webhookPath. OpenClaw rejects duplicate exact paths
and refuses to start named accounts that only inherit a shared webhook path in multi-account setups.
If you intentionally need legacy inheritance for a named account, set
dangerouslyAllowInheritedWebhookPath: true on that account or at channels.synology-chat,
but duplicate exact paths are still rejected fail-closed. Prefer explicit per-account paths.
Security notes
- Keep
tokensecret and rotate it if leaked. - Keep
allowInsecureSsl: falseunless you explicitly trust a self-signed local NAS cert. - Inbound webhook requests are token-verified and rate-limited per sender (
rateLimitPerMinute, default 30). - Invalid token checks use constant-time secret comparison and fail closed; repeated invalid-token attempts temporarily lock out the source IP.
- Inbound message text is sanitized against known prompt-injection patterns and truncated at 4000 characters.
- Prefer
dmPolicy: "allowlist"for production. - Keep
dangerouslyAllowNameMatchingoff unless you explicitly need legacy username-based reply delivery. - Keep
dangerouslyAllowInheritedWebhookPathoff unless you explicitly accept shared-path routing risk in a multi-account setup.
Troubleshooting
Missing required fields (token, user_id, text):- the outgoing webhook payload is missing one of the required fields
- if Synology sends the token in headers, make sure the gateway/proxy preserves those headers
Invalid token:- the outgoing webhook secret does not match
channels.synology-chat.token - the request is hitting the wrong account/webhook path
- a reverse proxy stripped the token header before the request reached OpenClaw
- the outgoing webhook secret does not match
Rate limit exceeded:- too many invalid token attempts from the same source can temporarily lock that source out
- authenticated senders also have a separate per-user message rate limit
Allowlist is empty. Configure allowedUserIds or use dmPolicy=open with allowedUserIds=["*"].:dmPolicy="allowlist"is enabled but no users are configured
User not authorized:- the sender’s numeric
user_idis not inallowedUserIds
- the sender’s numeric
Related
- Channels Overview — all supported channels
- Groups — group chat behavior and mention gating
- Channel Routing — session routing for messages
- Security — access model and hardening