Setting up a bot application

Creating your bot

Now that you've installed Node, discord.js, and hopefully a linter, you're almost ready to start coding! The next step you need to take is setting up an actual Discord bot application via Discord's website.

It's effortless to create one. The steps you need to take are as follows:

  1. Open the Discord developer portalopen in new window and log into your account.
  2. Click on the "New Application" button.
  3. Enter a name and confirm the pop-up window by clicking the "Create" button.

You should see a page like this:

Successfully created application

You can edit your application's name, description, and avatar here. Once you've saved your changes, move on by selecting the "Bot" tab in the left pane.

Create a bot UI

Click the "Add Bot" button on the right and confirm the pop-up window by clicking "Yes, do it!". Congratulations, you're now the proud owner of a shiny new Discord bot! You're not entirely done, though.

Your bot's token

DANGER

This section is critical, so pay close attention. It explains what your bot token is, as well as the security aspects of it.

After creating a bot user, you'll see a section like this:

Bot application

In this panel, you can give your bot a snazzy avatar, set its username, and make it public or private. Your bot's token will be revealed when you press the "Reset Token" button and confirm. When we ask you to paste your bot's token somewhere, this is the value that you need to put in. If you happen to lose your bot's token at some point, you need to come back to this page and reset your bot's token again which will reveal the new token, invalidating all old ones.

What is a token, anyway?

A token is essentially your bot's password; it's what your bot uses to login to Discord. With that said, it is vital that you do not ever share this token with anybody, purposely or accidentally. If someone does manage to get a hold of your bot's token, they can use your bot as if it were theirs—this means they can perform malicious acts with it.

Tokens look like this: NzkyNzE1NDU0MTk2MDg4ODQy.X-hvzA.Ovy4MCQywSkoMRRclStW4xAYK7I (don't worry, we immediately reset this token before even posting it here!). If it's any shorter and looks more like this: kxbsDRU5UfAaiO7ar9GFMHSlmTwYaIYn, you copied your client secret instead. Make sure to copy the token if you want your bot to work!

Token leak scenario

Let's imagine that you have a bot on over 1,000 servers, and it took you many, many months of coding and patience to get it on that amount. Your bot's token gets leaked somewhere, and now someone else has it. That person can:

  • Spam every server your bot is on;
  • DM spam as many users as possible;
  • Delete as many channels as possible;
  • Kick or ban as many server members as possible;
  • Make your bot leave all of the servers it has joined;
  • Access and damage the underlying infrastructure (your server).

All that and much, much more. Sounds pretty terrible, right? So make sure to keep your bot's token as safe as possible!

In the initial files page of the guide, we cover how to safely store your bot's token in a configuration file.

DANGER

If your bot token has been compromised by committing it to a public repository, posting it in discord.js support etc. or otherwise see your bot's token in danger, return to this page and press "Reset Token". This will invalidate all old tokens belonging to your bot. Keep in mind that you will need to update your bot's token where you used it before.