Developer Documentation

Build Discord bots, apps, and server automations

Use Discord API access, OAuth2, Gateway events, webhooks, permissions, and bot tools to create slash commands, moderation workflows, alerts, and interactive community features.

API
OAuth2
Bots
Gateway
Webhooks
Permissions
Overview

Discord API and bot development overview

Discord developer work usually starts with applications, bots, OAuth2 installs, slash commands, Gateway events, webhooks, and server automation. Stable integrations depend on clear resource mapping, permission design, rate-limit handling, and reliable event processing.

Built for

Bot developers, community automation builders, SaaS teams, moderation tool makers, and product teams connecting external workflows to Discord servers.

Getting Started

Start a Discord app or bot integration

  1. Create an application in the developer portal and define its basic identity.
  2. Add bot capabilities, OAuth2 installs, or interaction support based on the use case.
  3. Choose only the scopes, permissions, and redirect URIs the integration actually needs.
  4. Invite the app into a test server and validate commands, webhooks, events, and error paths.
  5. Prepare rate-limit handling, logging, deployment notes, and a rollback plan before wider release.
APPLICATION_COMMAND
INTERACTION_CREATE
MESSAGE_CREATE
GUILD_MEMBER_ADD
WEBHOOK_EXECUTE
Auth

OAuth2, bot tokens, and app authorization

Most Discord integrations rely on bot tokens, OAuth2 authorization, scopes, redirect URIs, and install flows. Bots handle service-side actions, while OAuth2 connects user-approved access and app installation behavior.

  • Bot token: lets the app perform approved bot actions and must stay server-side.
  • OAuth2: manages user authorization, app installs, identity-linked flows, and redirect behavior.
  • Scopes: define which user, guild, bot, or command access the app can request.
  • Redirect URI: must match the configured application settings before authorization works.
Security note

Keep tokens out of frontend code, rotate exposed secrets quickly, validate redirect URLs, and avoid broad permissions that the integration does not need.

Permissions

Role permissions and channel access

Discord permissions combine server roles, channel overrides, member state, and administrator exceptions. Good bot design starts with least-privilege access and clear separation between member, moderator, admin, and automation roles.

Layer Purpose Common scenario
Server level Baseline access and administrative capability Admin actions, audit workflows, member management
Role level Group permissions assigned to members and bots Moderators, verified members, guests, automation roles
Channel level Local overrides for specific spaces Read-only announcements, private rooms, staff channels
Gateway

Gateway events, interactions, and slash commands

Gateway events allow apps and bots to react to messages, members, voice states, channel updates, and interactions in real time. Slash commands and interaction events are often the cleanest way to create predictable user-facing workflows.

INTERACTION_CREATE
APPLICATION_COMMAND
MESSAGE_CREATE
VOICE_STATE_UPDATE
CHANNEL_UPDATE

At the business layer, handle deduplication, retries, queueing, and state recovery so reconnects or repeated events do not create inconsistent server behavior.

Automation

Webhooks, alerts, and server automation

Webhooks are a lightweight way to send alerts, CI/CD updates, monitoring events, content posts, incident messages, and operational broadcasts into Discord channels without building a full bot workflow.

  • Best for one-way delivery into a channel
  • Less suitable for complex two-way interactions
  • Easy to connect with scripts, dashboards, build pipelines, and external platforms
Best Practices

Best practices for stable Discord integrations

  • Design permissions around least privilege and document why each scope is required.
  • Respect rate limits, queue high-volume work, and retry failures carefully.
  • Log important bot actions, moderation events, and integration failures.
  • Separate test servers, staging apps, and production installations.
  • Validate token rotation, missing permissions, reconnects, API errors, and webhook failures before launch.
Recommended setup

For long-term maintenance, keep an internal map of scopes, permissions, slash commands, event handlers, webhook endpoints, and deployment steps.

Build on Discord

Ready to test your Discord app or bot?

Download Discord to test server behavior in a real client, or review privacy details before working with account data, messages, permissions, and automation flows.