Section titled Setting up an applicationSetting up an application
You'll need to create an application on Discord's developer portal so your bot has a token to interact with Discord's API.
Section titled Creating the applicationCreating the application
Follow these steps:
- Open the Discord developer portal. You'll need to be logged in.
- Click on the "New Application" button.
- Enter a name and confirm the pop-up window by clicking the "Create" button.
- You'll need to agree to the Developer Terms of Service and Developer Policy.
You should see a page like this:
You can edit your application's name, description, and avatar here. Copy the application id and paste it in the .env file after APPLICATION_ID=.
Once you've saved your changes, move on by selecting the "Bot" tab in the left pane.
Section titled Your bot's tokenYour bot's token
This section is critical, so pay close attention. It explains what your bot token is, as well as the security aspects of it.
On the bot tab, you'll see a section like this:
In this panel, you can give your bot a snazzy avatar, set its username, and make it public or private. Your bot's token will be revealed when you press the "Reset Token" button and confirm. Once you've done this, copy it and paste it in the .env file after DISCORD_TOKEN=.
If you happen to lose this token at some point, you will need to come back to this page and reset it, which will reveal the new token, invalidating all old ones.
Section titled Bot token explanationBot token explanation
A token is essentially your bot's password; it's what your bot uses to login to Discord. With that said, it is vital that you do not ever share this token with anybody, purposely or accidentally. If someone does manage to get a hold of your bot's token, they can use your bot as if it were theirs—this means they can perform malicious acts with it.
Tokens look like this: NzkyNzE1NDU0MTk2MDg4ODQy.X-hvzA.Ovy4MCQywSkoMRRclStW4xAYK7I (don't worry, we immediately reset this token before even posting it here!). If it's any shorter and looks more like this: kxbsDRU5UfAaiO7ar9GFMHSlmTwYaIYn, you copied your client secret instead. Make sure to copy the token if you want your bot to work!
Section titled Token leak scenarioToken leak scenario
Let's imagine that you have a bot on over 1,000 servers, and it took you many, many months of coding and patience to get it on that amount. Your bot's token gets leaked somewhere, and now someone else has it. That person can:
- Spam every server your bot is on;
- DM spam as many users as possible;
- Delete as many channels as possible;
- Kick or ban as many server members as possible;
- Make your bot leave all of the servers it has joined;
All that and much, much more. Sounds pretty terrible, right? So make sure to keep your bot's token as safe as possible!
If your bot token has been compromised by committing it to a public repository, posting it in discord.js support etc. or otherwise see your bot's token in danger, return to this page and press "Reset Token". This will invalidate all old tokens belonging to your bot. Keep in mind that you will need to update your bot's token where you used it before.