Building a Discord Bot

Create an application on Discord Developer Portal#

  1. Go to https://discord.com/developers/applications (login using your discord account if required).
  2. Click on New Application button available at left side of your profile picture.
  3. Name your application and click on Create.
  4. Go to Bot section, click on Add Bot, and finally on Yes, do it! to confirm.

That's it. A new application is created which will hold our Slash Command. Don't close the tab as we need information from this application page throughout our development.

Before we can write some code, we need to curl a discord endpoint to register a Slash Command in our app.

Fill DISCORD_BOT_TOKEN with the token available in the Bot section and CLIENT_ID with the ID available on the General Information section of the page and run the command on your terminal.

3curl -X POST \
4-H 'Content-Type: application/json' \
5-H "Authorization: Bot $BOT_TOKEN" \
6-d '{"name":"hello","description":"Greet a person","options":[{"name":"name","description":"The name of the person","type":3,"required":true}]}' \

This will register a Slash Command named hello that accepts a parameter named name of type string.


// Sift is a small routing library that abstracts away details like starting a
// listener on a port, and provides a simple function (serve) that has an API
// to invoke a function for a specific path.
import { json, serve, validateRequest } from 'sift'
// TweetNaCl is a cryptography library that we use to verify requests
// from Discord.
import nacl from 'tweetnacl'

enum DiscordCommandType {
  Ping = 1,
  ApplicationCommand = 2,

// For all requests to "/" endpoint, we want to invoke home() handler.
  '/discord-bot': home,

// The main logic of the Discord Slash Command is defined in this function.
async function home(request: Request) {
  // validateRequest() ensures that a request is of POST method and
  // has the following headers.
  const { error } = await validateRequest(request, {
    POST: {
      headers: ['X-Signature-Ed25519', 'X-Signature-Timestamp'],
  if (error) {
    return json({ error: error.message }, { status: error.status })

  // verifySignature() verifies if the request is coming from Discord.
  // When the request's signature is not valid, we return a 401 and this is
  // important as Discord sends invalid requests to test our verification.
  const { valid, body } = await verifySignature(request)
  if (!valid) {
    return json(
      { error: 'Invalid request' },
        status: 401,

  const { type = 0, data = { options: [] } } = JSON.parse(body)
  // Discord performs Ping interactions to test our application.
  // Type 1 in a request implies a Ping interaction.
  if (type === DiscordCommandType.Ping) {
    return json({
      type: 1, // Type 1 in a response is a Pong interaction response type.

  // Type 2 in a request is an ApplicationCommand interaction.
  // It implies that a user has issued a command.
  if (type === DiscordCommandType.ApplicationCommand) {
    const { value } = data.options.find(
      (option: { name: string; value: string }) => option.name === 'name'
    return json({
      // Type 4 responds with the below message retaining the user's
      // input at the top.
      type: 4,
      data: {
        content: `Hello, ${value}!`,

  // We will return a bad request error as a valid Discord request
  // shouldn't reach here.
  return json({ error: 'bad request' }, { status: 400 })

/** Verify whether the request is coming from Discord. */
async function verifySignature(request: Request): Promise<{ valid: boolean; body: string }> {
  const PUBLIC_KEY = Deno.env.get('DISCORD_PUBLIC_KEY')!
  // Discord sends these headers with every request.
  const signature = request.headers.get('X-Signature-Ed25519')!
  const timestamp = request.headers.get('X-Signature-Timestamp')!
  const body = await request.text()
  const valid = nacl.sign.detached.verify(
    new TextEncoder().encode(timestamp + body),

  return { valid, body }

/** Converts a hexadecimal string to Uint8Array. */
function hexToUint8Array(hex: string) {
  return new Uint8Array(hex.match(/.{1,2}/g)!.map((val) => parseInt(val, 16)))

Deploy the Slash Command Handler#

1supabase functions deploy discord-bot --no-verify-jwt
2supabase secrets set DISCORD_PUBLIC_KEY=your_public_key

Navigate to your Function details in the Supabase Dashboard to get your Endpoint URL.

Configure Discord application to use our URL as interactions endpoint URL#

  1. Go back to your application (Greeter) page on Discord Developer Portal
  2. Fill INTERACTIONS ENDPOINT URL field with the URL and click on Save Changes.

The application is now ready. Let's proceed to the next section to install it.

Install the Slash Command on your Discord server#

So to use the hello Slash Command, we need to install our Greeter application on our Discord server. Here are the steps:

  1. Go to OAuth2 section of the Discord application page on Discord Developer Portal
  2. Select applications.commands scope and click on the Copy button below.
  3. Now paste and visit the URL on your browser. Select your server and click on Authorize.

Open Discord, type /Promise and press Enter.

Run locally#

1supabase functions serve discord-bot --no-verify-jwt --env-file ./supabase/.env.local
2ngrok http 54321
Need some help?

Not to worry, our specialist engineers are here to help. Submit a support ticket through the Dashboard.