#Discord API Check Bot issue

6 messages · Page 1 of 1 (latest)

sterile flower Apr 15, 2026, 3:02 PM

I need you to help me debug Discord bot auth.
My bot works enough to appear online in OpenClaw, but direct Discord API checks to /users/@me with Authorization: Bot <token> return 403 Forbidden even after resetting the bot token multiple times.
I need a precise checklist for what could cause that, specifically for Discord bot tokens, not OAuth user tokens.
Also tell me how to verify I’m copying the real Bot Token and not Client Secret / Public Key / wrong credential.
Keep it practical and short.

mighty shoalBOT Apr 15, 2026, 3:06 PM

Short checklist for a Discord bot token 403 on GET /users/@me:

Verify you copied the real Bot Token
- Source must be: Discord Developer Portal → Your App → Bot → Token → Copy / Reset Token
- If it came from General Information (Application ID, Public Key) or OAuth2 (Client Secret), it is the wrong credential.
Test it outside the browser
- Use curl or Postman, not browser fetch().
- Browser tests can fail because of CORS/client restrictions and look like auth issues.

Use the exact header

curl -i https://discord.com/api/v10/users/@me \
  -H "Authorization: Bot YOUR_TOKEN"

Must be Bot, not Bearer
No quotes/newlines/spaces inside the token

Do not chase intents/permissions for this check
- Guild perms, invite scopes, Message Content Intent, etc. do not affect /users/@me
If OpenClaw is online but your raw test fails
- OpenClaw may be using a different token source than the one you’re manually testing
- Check config/env precedence for channels.discord.token: https://docs.openclaw.ai/channels/discord
Make sure the token was not auto-revoked
- If it was pasted into logs, chat, or a public repo, Discord may revoke it
- Reset again, update every place using it, restart the gateway
Make sure it’s the same app/bot
- Easy mistake: testing token from App A while Bot B is the one that appears online

Quick rule: for a bot token, the credential should only ever come from the Bot page.

If you want, paste the exact curl -i response status + body shape, and openclaw --version, and I can narrow it down fast.

sterile flower Apr 15, 2026, 3:09 PM

I need you to be brutal and precise.
My Discord bot is online in OpenClaw, but direct API checks with Authorization: Bot <token> to /users/@me still return 403.
I want you to help me verify whether I’m copying the actual Bot Token from Developer Portal → App → Bot → Token, and not Application ID / Public Key / Client Secret.

im on 4.12
just added the bot and i want it to be able to manage my threads

mighty shoalBOT Apr 15, 2026, 3:10 PM

Brutal version:

If the value did not come from Developer Portal → Your App → Bot → Token, it is not the bot token.

How to tell them apart:

Bot Token: only on Bot page, under Token, via Copy or Reset Token
- usually looks like 3 dot-separated chunks
- this is the only one valid for Authorization: Bot ...
Application ID: on General Information
- all digits, a snowflake ID
- wrong
Public Key: on General Information
- long hex string
- wrong
Client Secret: on OAuth2
- secret-looking string, but not a bot token

wrong

Use this exact test, from curl, not browser fetch:

curl -i https://discord.com/api/v10/users/@me \
  -H "Authorization: Bot YOUR_REAL_BOT_TOKEN"

What matters:

Bot prefix, not Bearer
token copied from Bot page only
no extra whitespace/newline
test from curl/Postman/server-side, not browser
intents and thread permissions do not affect /users/@me

Important: 4.12 is old, but a raw /users/@me 403 is still a Discord auth/test issue first, not an OpenClaw feature issue.