#Help Using the Discord API

I am attempting to add a guild member but I'm getting a 401 (unauthorized) repsponse, please help.

                var guildResponse = await fetch(`https://discord.com/api/guilds/${guildId}/members/${userId}`, {
                method:"PUT",
                    headers: {
                        authorization: `{BOT TOKEN HERE}`,
                        "Content-Type": "application/json"
                    },
                    body: JSON.stringify({
                        access_token:authToken
                    })
                })

                guildResponse = await guildResponse.json()

                console.log(guildResponse)

You can't add members

oauth2

I've got the oauth2 token with the guild.add scope

What do you mean add?

Do you have the users Oauth2 token to do that?

yep

and I'm sure it works as ive tested it on another request

Oh weird, that must be a new API endpoint

Yeah, it is a new endpoint

Are you getting an error response?

But having the bot have the Oauth2 scope for that is not enough, you need the users token

users token is authToken

from what I understood the endpoint wants it in the body

unsure about it tho

users token is what you get from using the oauth2 link right?

just so I understand you

You mean the invite link for the bot?

The user should have been sent to the authorization web page which then gives you an auth token

no the like

yep

I did that

and thats the token im talking about

Ok, does your bot have invite perms on the server?

yep, full admin perms

You can't just set the token. You've gotta indicate the token type.

authorization: `BOT {BOT TOKEN HERE}`,

oh

https://discord.com/developers/docs/reference#authentication

Here's the docs

I think that's correct

but I'm still getting a 401

actually

wait 1 sec

getting a 403 now 😐

And you have that scope set under the bot scopes in the dev portal?

yep administrator

And the oauth page is actually authorizing a guild join?

the scopes i selected for oauth were identify and guild.join

You can't just change the oauth perms. You've gotta get a new token if you do.

I had them like that since the beginning

new token:

actually small question

the oauth token can be used several times

as long as it hasn't expired

correct?

since if not then that's the cause

It should be

yeah it is

You're not getting json back, you're getting HTML. Try dumping that HTML and seeing what it says

just added an identify

ok

@glossy flume make a bot

;-;

once you did make the user you want invited authorized the bot with the account https://discord.com/oauth2/authorize?client_id=YOUR_CLIENT_ID&permissions=YOUR_PERMISSIONS&scope=bot

They have a bot working ...

oh my bad

hold on @alpine briar does the bot and bearer thing apply to the access_token param as well?

They're trying to get the endpoint to authorize and we're in the process of debugging that

No

shit ok

// Get the user's access token
const response = await fetch(`https://discord.com/api/oauth2/token`, {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  body: `client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=YOUR_REDIRECT_URI`
});

const { access_token } = await response.json();

// Add the user to the guild
const guildResponse = await fetch(`https://discord.com/api/guilds/${guildId}/members/${userId}`, {
  method: "PUT",
  headers: {
    authorization: `Bot ${BOT_TOKEN}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    access_token
  })
});

const guildData = await guildResponse.json();

console.log(guildData);

oh the authorize doesnt work?

accessToken is authToken

@wary moat you're not helping rn

We're already debugging what's wrong

I just did access_token:authToken

What you had here looks correct except for the authorization header which I showed you how to change

Did you do that change to that code?

yeah

btw when debugging with insomnia

it works

so its probably something relating to the code

Were you able to dump the HTML to see what's wrong? I think cloudflare may be blocking you

Still trying

but this is the new code

shit forgot to blur token

1 sec

Lol

var guildResponse = await fetch(`https://discord.com/api/guilds/810512343175528539/members/${userId}`, {
                method:"PUT",
                    headers: {
                        authorization: `Bot TOKEN`,
                        "Content-Type": "application/json"
                    },
                    body: JSON.stringify({
                        access_token:authToken
                    })
                })

So you have the word "Bot" followed by a space and then the token?

thats what it was in identify as well so i think it should be like that yea

Ok that's correct

var userResponse = await fetch('https://discord.com/api/users/@me', {
                    headers: {
                        authorization: `${authType} ${authToken}`,
                    },
                })

identify btw incase you need it

Ok so that's giving the 403, are you able to log out the HTML it's giving you

const guildResponse = await fetch(`https://discord.com/api/guilds/810512343175528539/members/${userId}`, {
  method: "PUT",
  headers: {
    authorization: `Bot ${BOT_TOKEN}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    access_token: authToken
  })
});

console.log(guildResponse);
``` log the guild respond

im gonna be honest with you im trying but im unable to

;-;

https://cdn.discordapp.com/attachments/1051586465005588540/1051589612105113690/image.png

Just wanna determine if it's cloudflare before I try to explain how to fix it

1 sec let me try something else ig

I can't replicate the error on insomnia

hm

You can try using a tool like Postman or curl to make a request to the API endpoint manually to see if you get the same error. This can help you determine if the issue is with your code or if there is a problem with the API itself.

insomnia is like postman

@wary moat please let us debug THE CODE

ok

body returns a readableStream

hmmm

just console log the guild response variable

yeah it doesn't give the html

let me try logging text

got it

var guildResponse = await fetch(`https://discord.com/api/guilds/810512343175528539/members/${userId}`, {
    method:"PUT",
    headers: {
        authorization: `Bot TOKEN`,
        "Content-Type": "application/json"
    },
    body: JSON.stringify({
        access_token:authToken
    })
});

guildResponse = await guildResponse.json();

console.log(guildResponse);  // Log the entire response object
console.log(guildResponse.status);  // Log the HTTP status code
console.log(guildResponse.message);  // Log any error message included in the response
``` gotta go into it again

i read that wrong thoguht u said http

let me open an html file with the data i got

@alpine briar its cloudflare

Ok you need to set a user agent

Lemme get the docs

cant show details as dont wanna get hacked

https://discord.com/developers/docs/reference#user-agent

That'll go on the header section

just to understand

have I been rate limited

or what happened

No

They just want you to have a user agent

ok

Any luck?

trying to understand the user-agent stuff

but this doesnt work "User-Agent":"groupname/1.0"

oh wait discord has a format

Yeah follow their format

It should work

what url and version number is it refering to exactly

Anything you want to put.

is it optional

or

The idea is it would be the website for your bot and your bots version

guessing localhost is not a website

havnt yet got a domain

I don't think it checks the validity

google.com here i come

or actually discord.com

still 403

sigh

"User-Agent":"DiscordBot (https://discord.com/, 1.0)"

Strange

I used my GitHub repo URL

its either theyre smart and made it filter discord.com

or im extremely stupid

nope google doesn't work either

hm

What's the updated code

403

if youre talking about teh html let me check

Nah the code you wrote

var guildResponse = await fetch(`https://discord.com/api/guilds/810512343175528539/members/${userId}`, {
                method:"PUT",
                    headers: {
                        authorization: `Bot TOKEN HERE`,
                        "Content-Type": "application/json",
                        "User-Agent":"DiscordBot https://google.com/, 1.0"
                    },
                    body: JSON.stringify({
                        access_token:authToken
                    })
                })

removed the brackets

thought they may be the cause

but it doesn't work with or without

DiscordBot (https://google.com, 1.0)
Doesn't work?

yep

And it's still giving you a cloud flare page?

yep

Huh

What's odd is cloudflare doesn't check the body so it's only the headers that matter rn. So something about that must be incorrect. Are you running the code from a server or your personal computer?

localhost right now

using a server to host the pages

server = (express.js)

And the server is able to go through all the oauth steps without issue?

yep it works with the identify request

so it isnt my ip adress

its probably the header a wrong letter or something

but ive checked 5 times

nothing seems to be off

You're missing the API version number

In the endpoint url

discord api?

https://discord.com/api/v{version_number}

nah that gotta be fake

since this

Docs https://discord.com/developers/docs/reference#api-versioning

doesnt yet works

im gonna lose it if its a url error

It is lol

I hope anyways

403

thank god

used v10

OMG haha

var guildResponse = await fetch(`https://discord.com/api/v10/guilds/810512343175528539/members/${userId}`, {
                method:"PUT",
                    headers: {
                        authorization: `Bot TOKEN`,
                        "Content-Type": "application/json",
                        "User-Agent":"DiscordBot (https://google.com/, 1.0)"
                    },
                    body: JSON.stringify({
                        access_token:authToken
                    })
                })

I'd leave that. Without it you're defaulted to the deprecated v6 API

oh-

who made it default to v6 tho-

and more importantly, why

Probably for legacy reasons

idk at this point

Insomnia is running from the same computer as your code right?

yeah

thats whats confusing me

Can you see what the requests it makes look like?

regular request

nothing special

same exact headers i believe

body:

oh hold on

in the time line it does define a user agent

but without the discord format

yet it works

yet this exact user agent doesnt work in code

Try fetching info about the bot user with a get request to /users/@me

Let's see if it'll let you make any requests at all

how do i oauth the bot exactly-

Not sure what you mean?

to identify i need an accesstoken to the user im accessing

or does the bot token also work

Again, not sure what you mean

it worked

i got a regular response

no errors

For the users/@me?

yeah

with the bot info

Ok, so the headers seem fine...

The access_token is being set to the auth token you get back from the user authorization web page right?

yep

the access token

You exchange the code you're given for the access token correct?

https://discord.com/developers/docs/topics/oauth2#authorization-code-grant-redirect-url-example

yeah i get the code from the oauth page, then use it to get the access token and token type and expiry, etc..

ive went over this page 50 times yesterday

may it be the endpoint unoperational

or requires a verified app with over 100+ servers

And you're definitely requesting the guild join permission in the oauth

scope=identify%20guilds.join

directly from the oauth link

brb

Can you link the docs for the join guild endpoint

https://discord.com/developers/docs/resources/guild#add-guild-member

I feel like the data gotta be filled entirely for that to even attempt to go through

access_token, nick, roles, mute, deaf

It says everything but access token is optional. It'll default to the username, no roles, false, and false. Same as a user following an invite link.

Ahh

back

any news?

doesnt seem like it

ok

Ok

• make sure the bot token belongs to the same app as the oauth authorization
• make sure the guild id is correct
• make sure the user id is correct

Beyond that I dunno what to tell you. Everything looks correct.

insomnia worked

so all that must be correct

else it wouldnt have

should i contact discord support or?

may be a problem with their cloudflare

actually ive got an idea but ill need to do it tmrw as i gotta head off for now

ill use another endpoint

if we can confirm that the other endpoint works with the same headers

then its something relating to the endpoint for guild.join

in which ig we can confirm its not from our side

but I dont believe discord would leave something like that unnoticed

hm

if not then its probably the headers

anyways contiue tmrw ig, thanks for the help till now tho

as ik that this is taking up a lot of your time

Well you were able to use the /users/@me API endpoint, so the headers are fine it seems. Are you on the official Discord Developers server? They have an API questions channel.

I'd suggest using the /users/@me endpoint again but as a PATCH request. It'll let you send a body payload, so it'll be very similar to the join endpoint. Just give your bot a new name
https://discord.com/developers/docs/resources/user#modify-current-user

That or use the /users/@me/channels with a POST request to create a DM channel
https://discord.com/developers/docs/resources/user#create-dm

The /users/@me endpoints are good for debugging API issues because they don't require special permissions.

Sounds good will try tmrw 👍

Thanks again

Np

the headers in the identify endpoint differ I believe

as the token im sending is the bot's token

not the access token of oauth2

I believe its the same for /users/@me..

since you're not passing anything to the headers this time

but ill try it regardless

hold up what

I'm getting a 401 for the patch to /users/@me

nvm its working now

turns out it did need the bot token for authorization

guess I may have missed it in the docs

even without user-agent

guessing the error must be with the endpoint for adding user guilds then..?

Every API request must have the authorization header with the bot token

yeah realized that

still trying to find a solution tho

Maybe I'll try and see if I can't get the API to work for me tonight.

api server no response

alright

the discord*

problem is this is the last feature remaining for my application

gonna hope a solution is found soon

since I cant work on anything till it works

I have a working discord API wrapper written in Python. So I know I have everything working. I'll just need to use the endpoint and see if it works for me.

alright

if in dire cases we cant get it to work I believe I can probably make it to be manually done by the admin for now

although that will be an inconvenience but I believe should be good enough till its fixed

Ended up not having time tonight. I'm gonna leave this post unread and look into it tomorrow evening.

Just wanna bump this. Holidays are really making it hard to get stuff done.

alright

I'll contact discord support regardless

the fact that the api server no one responded

gives me a little bit of suspicion that it may be an api side error

@alpine briar any updates?

Sorry. I've been very busy with the holiday season.