docs/channels/synology-chat.md
Synology Chat connects to OpenClaw through a webhook pair: a Synology Chat outgoing webhook posts inbound direct messages to the Gateway, and replies go back through a Synology Chat incoming webhook.
Status: official plugin, installed separately. Direct messages only; text and URL-based file sends are supported.
openclaw plugins install @openclaw/synology-chat
Local checkout (when running from a git repo):
openclaw plugins install ./path/to/local/synology-chat-plugin
Details: Plugins
https://gateway-host/webhook/synology by default.channels.synology-chat.webhookPath.openclaw onboard or openclaw channels addopenclaw channels add --channel synology-chat --token <token> --url <incoming-webhook-url>Webhook auth details:
body.token, then
?token=..., then headers.x-synology-tokenx-webhook-tokenx-openclaw-tokenAuthorization: Bearer <token>application/x-www-form-urlencoded or application/json; token, user_id, and text are required.Minimal config:
{
channels: {
"synology-chat": {
enabled: true,
token: "synology-outgoing-token",
incomingUrl: "https://nas.example.com/webapi/entry.cgi?api=SYNO.Chat.External&method=incoming&version=2&token=...",
webhookPath: "/webhook/synology",
dmPolicy: "allowlist",
allowedUserIds: ["123456"],
rateLimitPerMinute: 30,
allowInsecureSsl: false,
},
},
}
For the default account, you can use env vars:
SYNOLOGY_CHAT_TOKENSYNOLOGY_CHAT_INCOMING_URLSYNOLOGY_NAS_HOSTSYNOLOGY_ALLOWED_USER_IDS (comma-separated)SYNOLOGY_RATE_LIMITOPENCLAW_BOT_NAMEConfig values override env vars.
SYNOLOGY_CHAT_INCOMING_URL and SYNOLOGY_NAS_HOST cannot be set from a workspace .env; see Workspace .env files.
dmPolicy values: allowlist (default), open, and disabled. Synology Chat has no pairing flow; approve senders by adding their numeric Synology user IDs to allowedUserIds.allowedUserIds accepts a list (or comma-separated string) of Synology user IDs.allowlist mode, an empty allowedUserIds list is treated as misconfiguration and the webhook route will not start.dmPolicy: "open" allows public DMs only when allowedUserIds includes "*"; with restrictive entries, only matching users can chat. open with an empty allowedUserIds list also refuses to start the route.dmPolicy: "disabled" blocks DMs.user_id by default. channels.synology-chat.dangerouslyAllowNameMatching: true is break-glass compatibility mode that re-enables mutable username/nickname lookup for reply delivery.Use numeric Synology Chat user IDs as targets. The synology-chat:, synology_chat:, and synology: prefixes are accepted.
Examples:
openclaw message send --channel synology-chat --target 123456 --message "Hello from OpenClaw"
openclaw message send --channel synology-chat --target synology-chat:123456 --message "Hello again"
openclaw message send --channel synology-chat --target synology:123456 --message "Short prefix"
Outbound text is chunked at 2000 characters. Media sends are supported by URL-based file delivery: the NAS downloads and attaches the file (max 32 MB). Outbound file URLs must use http or https, and private or otherwise blocked network targets are rejected before OpenClaw forwards the URL to the NAS webhook.
Multiple Synology Chat accounts are supported under channels.synology-chat.accounts.
Each account can override token, incoming URL, webhook path, DM policy, and limits.
Direct-message sessions are isolated per account and user, so the same numeric user_id
on two different Synology accounts does not share transcript state.
Give each enabled account a distinct webhookPath. OpenClaw rejects duplicate exact paths
and refuses to start named accounts that only inherit a shared webhook path in multi-account setups.
If you intentionally need legacy inheritance for a named account, set
dangerouslyAllowInheritedWebhookPath: true on that account or at channels.synology-chat,
but duplicate exact paths are still rejected fail-closed. Prefer explicit per-account paths.
{
channels: {
"synology-chat": {
enabled: true,
accounts: {
default: {
token: "token-a",
incomingUrl: "https://nas-a.example.com/...token=...",
},
alerts: {
token: "token-b",
incomingUrl: "https://nas-b.example.com/...token=...",
webhookPath: "/webhook/synology-alerts",
dmPolicy: "allowlist",
allowedUserIds: ["987654"],
},
},
},
},
}
token secret and rotate it if leaked.allowInsecureSsl: false unless you explicitly trust a self-signed local NAS cert.rateLimitPerMinute, default 30).dmPolicy: "allowlist" for production.dangerouslyAllowNameMatching off unless you explicitly need legacy username-based reply delivery.dangerouslyAllowInheritedWebhookPath off unless you explicitly accept shared-path routing risk in a multi-account setup.Missing required fields (token, user_id, text):
Invalid token:
channels.synology-chat.tokenRate limit exceeded:
Allowlist is empty. Configure allowedUserIds or use dmPolicy=open with allowedUserIds=["*"].:
dmPolicy="allowlist" is enabled but no users are configuredUser not authorized:
user_id is not in allowedUserIds