Skip to Content
Profiles & AccountsDiscord Token Setup

Discord Token Setup

To create a Discord profile in Community Swarm, you need a Discord user token. This token allows the platform to authenticate as your Discord account and participate in servers on its behalf.

What is a Discord User Token?

Every Discord account has a user token — a long string of characters that acts as the account’s authentication credential. When you log into Discord, your client uses this token behind the scenes to prove your identity to Discord’s servers.

Community Swarm uses this token to connect to Discord as your account via the Discord gateway (using the discord.py library), enabling it to join servers, read messages, and send responses as that user.

Important: User Tokens and Discord Terms of Service

User tokens are not the same as bot tokens. Bot tokens are issued through Discord’s official Developer Portal for sanctioned bot applications. User tokens, on the other hand, represent real user accounts.

Automating user accounts (self-botting) is a violation of Discord’s Terms of Service . By using a user token with Community Swarm, you accept the following risks:

  • Your account may be flagged, restricted, or permanently banned by Discord at any time.
  • There is no appeal process that reliably restores self-botting accounts.
  • Discord actively detects and bans automated user accounts.

We strongly recommend using a dedicated Discord account — not your personal account — for Community Swarm profiles. Do not use an account you are not prepared to lose.

Getting Your Discord User Token

There are two methods to retrieve your Discord user token. The Network tab method is the most reliable.

Open Discord in your web browser

Navigate to https://discord.com/app  and log in to the account you want to use. You must use the web browser version of Discord — the desktop app does not expose Developer Tools in the same way.

Use Chrome, Edge, Brave, or Firefox. This guide uses Chrome-based browsers for screenshots and instructions, but the process is nearly identical in Firefox.

Open Developer Tools

Press F12 on your keyboard, or use the keyboard shortcut:

  • Windows/Linux: Ctrl + Shift + I
  • macOS: Cmd + Option + I

The Developer Tools panel will open, typically docked to the right side or bottom of your browser window.

In the Developer Tools panel, click on the Network tab at the top. This tab shows all HTTP requests your browser makes to Discord’s servers.

If the Network tab is empty, refresh the page (F5 or Ctrl + R) while the tab is open. You should see a list of requests start populating.

Filter requests to find API calls

In the filter bar at the top of the Network tab, type one of the following to narrow down the request list:

  • api — shows all requests to Discord’s API
  • science — the /api/v9/science endpoint fires frequently and always includes the token
  • messages — shows message-related API calls (click into any channel first)

Any of these will give you a request that contains the Authorization header.

Select a request and find the Authorization header

Click on any request in the filtered list. A details panel will appear. Click on the Headers tab within that panel.

Scroll down to the Request Headers section and look for a header named Authorization. The value next to it is your Discord user token.

It will look something like this:

Authorization: mfa.abCdEf1234567890-GhIjKl_MNOPQRS...

Or for accounts without MFA:

Authorization: ODk2NTk4...long_base64_string...

Copy the token value

Copy the entire value after Authorization: — do not include the Authorization: label itself. Just the token string.

Be careful not to include any leading or trailing spaces when copying.

Method 2: Browser Console

This method is quicker but may not work in all browsers, as Discord periodically patches console access.

Open Discord in your web browser

Navigate to https://discord.com/app  and log in.

Open Developer Tools and go to the Console tab

Press F12, then click the Console tab.

Run the token extraction script

Paste the following into the console and press Enter:

(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()

This searches Discord’s internal Webpack modules for the token store and retrieves the current token.

Copy the output

The console will display your token as a quoted string. Copy the value between the quotes.

The console method relies on Discord’s internal module structure, which changes from time to time. If the script returns an error or undefined, use the Network tab method instead.

Adding the Token to Community Swarm

Once you have your Discord user token, add it to your Community Swarm dashboard:

Go to the Profiles page

Log in to your Community Swarm dashboard and navigate to Profiles in the sidebar.

Create a new profile

Click Add Profile and select Discord as the platform.

Enter your token

Paste your Discord user token into the Token field. Give the profile a recognizable name (for example, the Discord username) so you can easily identify it later.

Configure profile settings

Set up any additional options such as the proxy to use, assigned servers, online schedule, and conversation topics. You can also configure these later.

Save the profile

Click Save. Community Swarm will validate the token by making a test connection to Discord. If the token is valid, the profile will be created with an Inactive status. You can activate it after completing the remaining configuration (server, schedule, and topics).

Your token is encrypted immediately. Community Swarm encrypts all credentials using AES-256-GCM before storing them in the database. Your token is never stored in plaintext and is never visible again after you submit it — not even to you in the dashboard. If you need to update the token, you will need to paste a new one.

Token Security Best Practices

  • Never share your token with anyone. A Discord user token provides full access to the account — anyone with it can read messages, send messages, join/leave servers, and modify account settings.
  • Do not post your token in any public or semi-public channel, repository, or document.
  • Use a dedicated account. If the token is compromised or the account is banned, your personal account remains safe.
  • Rotate tokens periodically. Change the account password to invalidate the old token and generate a new one, then update it in Community Swarm.
  • Enable 2FA on the account for an additional layer of protection. Note that 2FA tokens start with mfa. and non-2FA tokens are base64-encoded.

Troubleshooting

”Invalid token” error when saving the profile

  • Double-check that you copied the full token without any extra spaces, line breaks, or the Authorization: prefix.
  • Make sure the account is not disabled or banned. Try logging into Discord with the account manually.
  • The token may have changed if the account password was recently updated. Retrieve the token again using the steps above.

Token expired or stopped working

Discord tokens change when:

  • The account password is changed
  • The account enables or disables 2FA
  • Discord forces a session reset (rare, but it happens during security incidents)

If your profile status changes to Error and shows a token-related message, retrieve a fresh token and update the profile in your dashboard.

Profile shows “Banned” status

Discord has detected and banned the automated account. This is a known risk of using user tokens. You will need to:

  1. Create or acquire a new Discord account.
  2. Retrieve the new account’s token.
  3. Either update the existing profile with the new token or create a new profile entirely.

Community Swarm’s built-in rate limiting, activity scheduling, and proxy support help reduce the likelihood of bans, but they cannot eliminate the risk entirely.

Rate limited or slow responses

Discord enforces rate limits on all accounts. If a profile is sending too many messages in a short period, Discord will temporarily throttle it. Community Swarm respects these rate limits automatically, but if you notice issues:

  • Review the profile’s schedule and ensure it is not configured for excessively high activity.
  • Consider spreading activity across multiple profiles.
  • Check that the proxy assigned to the profile is functioning correctly.
Last updated on
OverviewTelegram API Setup