Skip to main content

Creating your application

The steps mentioned further in this markdown are essentially a copy of the steps mentioned in the documentation. Therefore, you can follow the steps from either resource.

note

If you have already made your bot application, you can skip this document and move on to initial-files.

Creating a bot account

In order to work with the library and the Discord API in general, we must first create a Discord Bot account.

Creating a Bot account is a pretty straightforward process.

  1. Make sure you're logged on to the Discord website.

  2. Navigate to the application page.

  3. Click on the New Application button.


    New Application button


  4. Give the application a name and click Create.


    Create Application modal


  5. Navigate to the Bot tab. A bot account is added automatically when the application is created.

  6. Make sure that Public Bot is ticked if you want others to invite your bot.


    New Bot


    • You should also make sure that Require OAuth2 Code Grant is unchecked unless you are developing a service that needs it. If you're unsure, then leave it unchecked.
  7. Copy the token by clicking Reset Token and then using the Copy button.


    Copy Token


    • Click "Yes, do it!" when asked.
    • This is not the Client Secret at the General Information page.

And that's it. You now have a bot account and you can login with that token.

Regarding bot tokens

danger

This section is critical, so pay close attention. It explains what your bot token is, as well as the security aspects of it.

What is a token, anyway?

It should be worth noting that the token is essentially your bot's password. You should never share this with someone else. In doing so, someone can log in to your bot and do malicious things, such as leaving servers, ban all members inside a server, or pinging everyone maliciously.

Tokens look like this: OTA4MjgxMjk4NTU1MTA5Mzk2.YYzc4A.TB7Ng6DOnVDlpMS4idjGptsreFg (don't worry, we immediately reset this token before even posting it here!). If it's any shorter and looks more like this: CR8UbizwLgyES9LuHK7eIrXHbRTuqoEs, you copied your client secret instead. Make sure to copy the token if you want your bot to work!

Token leak scenario

Let's imagine that you have a bot on over 1,000 servers, and it took you many, many months of coding and patience to get it on that amount. Your token gets leaked somewhere, and now someone else has it. That person can:

  • Spam every server your bot is on;
  • DM spam as many users as possible;
  • Delete as many channels as possible;
  • Kick or ban as many server members as possible;
  • Make your bot leave all of the servers it has joined;
  • Access and damage the underlying infrastructure (your server).

All that and much, much more. Sounds pretty terrible, right? So make sure to keep your token as safe as possible! In the initial files page of the guide, we cover how to safely store your token in a configuration file.

caution

If you accidentally leaked your token, click the “Regenerate” button as soon as possible. This revokes your old token and re-generates a new one. Now you need to use the new token to login.

Discord's system messages

System messages are official messages that Discord sends to alert you of an account issue. These messages can range from a variety of payment issues, support ticket updates, and ToS violation warnings. You can also expect a system message if your bot token has been posted on the internet publicly, and was found by Discord.

Such a message will look as follows:


System message


caution

Since we do not know the extent to which Discord searches for bot tokens, or the time taken to inform the user about where the bot was found, we recommend not fully depending on this feature. But incase your bot token is found on the internet publicly (say, on a GitHub repository), you can expect Discord to send a system message to the account the bot is linked to.

Note that Discord will never ask for your password or account token, and a system message will never request for the same. System messages from Discord will have a verified SYSTEM tag, and the bar at the bottom of the DM will mention - "This thread is reserved for official Discord notifications".


System DM


You can read more about the authenticity of these messages in this article.

Inviting your bot

So, you've made the bot account, but it is not actually in any server. If you want to invite your bot you must create an invite URL for it.

  1. Make sure you're logged on to the Discord website.

  2. Navigate to the application page.

  3. Click on your bot's page.

  4. Go to the OAuth2 tab.


    OAuth2 Page


  5. Tick the bot checkbox under scopes.


    OAuth2 Scope


    • If you would like to integrate slash commands and other interactions into your bot, make sure to check the applications.commands scope as well.

    OAuth2 Application Commands


  6. Tick the permissions required for your bot to function under Bot Permissions.

    • Please be aware of the consequences of requiring your bot to have the Administrator permission.

    • Bot owners must have 2FA enabled for certain actions and permissions when added in servers that have Server-Wide 2FA enabled. Check the 2FA support page for more information.


    OAuth2 Permissions


  7. Now the resulting URL can be used to add your bot to a server. Copy and paste the URL into your browser, choose a server to invite the bot to, and click Authorize.

    info

    The person adding the bot needs "Manage Server" permissions to do so.

If you want to generate this URL dynamically at run-time inside your bot and using the Permissions interface, you can use utils.oauth_url.