You have a valid token format but Discord keeps returning Error 40001 Unauthorized. This means your token looks correct — it has the right length, characters, and structure — but the server still refuses your request. The issue is not in the token’s format but in its validity, permissions, or the way it is sent. This article explains the real causes of Error 40001 and provides step-by-step fixes to resolve it.
Key Takeaways: Fixing Discord Error 40001 Despite a Valid Token Format
- Token Revocation or Expiry: A token that was valid can be revoked by the user or expire after a set time; check if your token is still active.
- Incorrect Authorization Header Format: The token must be sent as “Bot TOKEN” or “Bearer TOKEN” exactly as documented; a missing prefix causes error 40001.
- Missing Bot Permissions or Scopes: Even with a valid token, the bot or OAuth2 app must have the correct permissions and scopes for the requested endpoint.
Why Discord Returns Error 40001 Despite a Valid Token Format
Discord Error 40001 is defined as “Unauthorized.” It means the server could not authenticate the request because the provided token is not accepted. A token with a valid format — three base64-encoded segments separated by dots — does not guarantee acceptance. The token must also be:
- Active and not revoked by the user or Discord
- Sent in the correct Authorization header format
- Associated with a bot or application that has the required permissions
- Not expired (some tokens have a limited lifetime)
The most common cause is a revoked or regenerated token. When you regenerate a bot token in the Discord Developer Portal, all old tokens become invalid immediately. Another frequent cause is using a user token instead of a bot token — user tokens have different authentication rules and are not meant for bot API access.
Steps to Fix Discord Error 40001 Unauthorized
1. Regenerate and Replace the Bot Token
- Open the Discord Developer Portal
  Go to discord.com/developers/applications and log in with your Discord account.
- Select your application
  Click on the application that owns the bot or OAuth2 token.
- Navigate to the Bot section
  In the left sidebar, click “Bot.”
- Click Reset Token
  Under the token display area, click “Reset Token.” Confirm the action. A new token appears.
- Copy the new token
  Click “Copy” to save the new token to your clipboard.
- Update your code or configuration
  Replace the old token with the new one in your bot script, environment variable, or config file. Restart your bot or application.
2. Verify the Authorization Header Format
- Check the header name
  The header must be named “Authorization” — not “auth”, “token”, or any other variant.
- Check the header value prefix
  For bot tokens, the value must be “Bot ” followed by the token. Example:
  Authorization: Bot MTExMjIzMzM0NDU2Nzg5MDAw.GxYzAb.abcdefghijklmnopqrstuvwxyz
- For OAuth2 tokens
  Use “Bearer ” followed by the access token. Example:
  Authorization: Bearer ya29.a0AfH6SMC...
- Remove extra spaces or newlines
  Ensure the token string has no leading or trailing whitespace. Copy it directly from the Developer Portal.
3. Confirm the Token Belongs to the Correct Application
- Match the token to the application ID
  In the Developer Portal, the bot token is tied to a specific application. If you copied a token from one application and use it with another, you get error 40001.
- Check the Client ID
  In the General Information section of your application, note the Client ID. Ensure your code uses the same Client ID when making API calls.
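A local pre-flight check for steps 2 and 3, as an added example that is not part of the original article or Discord's own code: it validates the header name, prefix and whitespace, and compares the ID encoded in a bot token's first segment with the expected Client ID. It assumes the first segment is the base64-encoded ID of the bot (not stated on this page); the names preflight and decode_bot_id are hypothetical.

```python
import base64
import binascii

# Placeholder token from this article's step 2 example, not a real credential.
SAMPLE_TOKEN = "MTExMjIzMzM0NDU2Nzg5MDAw.GxYzAb.abcdefghijklmnopqrstuvwxyz"


def decode_bot_id(token):
    """Return the numeric ID encoded in a bot token's first segment, or None.

    Assumption: the first segment is the base64-encoded ID of the bot.
    """
    first = token.split(".")[0]
    padded = first + "=" * (-len(first) % 4)
    try:
        decoded = base64.urlsafe_b64decode(padded).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return decoded if decoded.isdigit() else None


def preflight(header_name, header_value, expected_client_id=None):
    """Return a list of locally detectable problems (empty list: none found).

    Messages never contain the token, so the result is safe to log.
    """
    problems = []
    if header_name.lower() != "authorization":  # HTTP header names are case-insensitive
        problems.append("header name is not Authorization")
    if header_value != header_value.strip():
        problems.append("value has leading or trailing whitespace")
    parts = header_value.strip().split(" ")
    if len(parts) != 2 or parts[0] not in ("Bot", "Bearer") or not parts[1]:
        problems.append("value is not 'Bot TOKEN' or 'Bearer TOKEN'")
        return problems
    prefix, token = parts
    if prefix == "Bot":
        if token.count(".") != 2:
            problems.append("bot token does not have three dot-separated segments")
        elif expected_client_id is not None:
            if decode_bot_id(token) != str(expected_client_id):
                problems.append("token does not match the expected Client ID")
    return problems
```

An empty result only means the request is well-formed locally; a revoked or regenerated token still passes these checks and is rejected by the server.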
4. Verify Bot Permissions and Intents
- Go to the Bot section
  In the Developer Portal, click “Bot” in the left sidebar.
- Enable Privileged Gateway Intents
  If your bot needs to read message content, see members, or track presence, toggle on the corresponding intents: “Message Content Intent,” “Server Members Intent,” or “Presence Intent.” Without these, some endpoints return 40001.
- Set the correct permissions for the bot
  When adding the bot to a server, ensure it has the permissions required for the actions it performs. For example, to send messages, the bot needs the “Send Messages” permission.
5. Check for Token Expiration or Rotation
- Bot tokens do not expire
  Bot tokens have no built-in expiration. However, if you or another developer regenerated the token, the old one stops working immediately.
- OAuth2 tokens may expire
  If you are using an OAuth2 access token, check its expiration time. Refresh the token using the refresh token if available.
If Discord Still Returns Error 40001 After the Main Fix
Bot Goes Offline After Token Regeneration
After regenerating the token, your bot may stay offline until you restart the bot process. The old token is stored in memory or environment variables. Stop the bot, update the token in your code or config, and start the bot again.
Error 40001 When Using a User Token
User tokens are not intended for bot API access. Using a user token in a bot context violates Discord’s Terms of Service and can result in account termination. Always use a bot token for bot operations. If you are building a self-bot, stop — Discord prohibits this.
API Endpoint Requires Specific Scopes
Some Discord API endpoints require specific OAuth2 scopes. For example, the Guild Members endpoint requires the “guilds.members.read” scope. If your token lacks the required scope, you get error 40001. Review the Discord API documentation for the endpoint you are calling and ensure your OAuth2 flow includes the correct scopes.
Discord Token Types: Bot Token vs OAuth2 Token vs Webhook Token
| Item | Bot Token | OAuth2 Token | Webhook Token |
|---|---|---|---|
| Purpose | Authenticate a bot for server operations | Authenticate a user or app via OAuth2 flow | Authenticate webhook requests to send messages |
| Format | Three base64 segments separated by dots | Can be a JWT or opaque string | Long alphanumeric string |
| Prefix in Authorization header | Bot | Bearer | None (sent as URL parameter) |
| Expiration | Does not expire (unless regenerated) | Expires after a set time (usually 7 days) | Does not expire |
| Scope | Permissions set in Developer Portal | Scopes requested during OAuth2 flow | Only the webhook’s channel |
Discord Error 40001 Unauthorized is almost always a token validity issue, not a format issue. By regenerating the token, verifying the Authorization header format, and confirming correct permissions, you can resolve the error. If the problem persists, check for token expiration or scope mismatches. Always use the correct token type for your use case — bot tokens for bots, OAuth2 tokens for user-authorized actions, and webhook tokens for webhooks. For advanced automation, consider using Discord’s interaction endpoints with proper signing instead of raw tokens.