Discord API Skill
Use this skill to run Discord REST operations through uxc + OpenAPI.
Reuse the uxc skill for shared execution, auth, and error-handling guidance.
Prerequisites
- -
uxc is installed and available in PATH. - Network access to
https://discord.com/api/v10. - Access to Discord OpenAPI spec URL:
-
https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json
- - Discord bot token (recommended) or OAuth2 user authentication (limited functionality).
Authentication
Option 1: Bot Token (Recommended)
Bot token provides full access to Discord API including reading messages, managing servers, sending messages, and all administrative operations. This is the recommended method for most use cases.
- 1. Create a bot application at https://discord.com/developers/applications
- Generate a bot token from the Bot section
- Configure bot credential:
CODEBLOCK0
- 4. Bind credential to Discord API endpoint:
CODEBLOCK1
Option 2: OAuth2 User Authentication (Limited Use Cases)
Important: User OAuth2 has significant limitations and is not recommended for most operations:
- - ❌ Cannot read channel messages via HTTP API (local RPC only)
- ❌ Cannot send messages or manage servers
- ✅ Can read user profile, email, connections
- ✅ Can list user's servers
Only use OAuth2 if you specifically need to access user profile information as the user. For all other operations, use Bot Token.
If you still need OAuth2 for user profile operations:
Configuration:
- - Client ID: �INLINECODE6
- Redirect URI: �INLINECODE7
OAuth2 Scopes:
Discord user OAuth2 supports read-only operations. It cannot send messages or manage servers as a user (use Bot Token for those operations).
Recommended Scopes (Full Functionality):
�CODEBLOCK2
Minimal Read-Only Scopes:
�CODEBLOCK3
Scope Reference:
| Scope | Description | Write Operation |
|---|
| INLINECODE8 | Basic user info (username, avatar, etc.) | ❌ Read |
| INLINECODE9 |
User's email address | ❌ Read |
|
connections | Linked third-party accounts (Twitch, YouTube, etc.) | ❌ Read |
|
guilds | User's server list | ❌ Read |
|
guilds.join | Join user to servers (requires the same application's bot to already be in that guild) | ✅
Write |
|
guilds.members.read | User's member info in servers | ❌ Read |
|
messages.read | Read messages (local RPC only,
not HTTP API) | ❌ Read |
|
openid | OpenID Connect support | ❌ Read |
Note: User OAuth2 cannot send messages or manage servers as the user. Use Bot Token for write operations. guilds.join is a special user OAuth write capability that depends on the same application's bot already being in the target guild, so it is not part of the default read-only flow. See Discord OAuth2 documentation for complete scope list.
Two-Stage OAuth Flow (Agent-Friendly):
- 1. Start OAuth flow with desired scopes:
�CODEBLOCK4
- 2. Open the displayed authorization URL in browser, complete authorization, then copy the callback URL from browser address bar.
- 3. Complete OAuth flow:
�CODEBLOCK5
- 4. Bind credential:
�CODEBLOCK6
Interactive Alternative (Local Terminal Only):
CODEBLOCK7
Then paste the callback URL when prompted.
Core Workflow
- 1. Use fixed link command by default:
-
command -v discord-openapi-cli
- If missing, create it:
uxc link discord-openapi-cli https://discord.com/api/v10 --schema-url https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json
- �INLINECODE19
- 2. Discover operations with schema mapping:
- �INLINECODE20
- 3. Inspect operation schema first:
-
discord-openapi-cli get:/users/@me -h
- �INLINECODE22
- 4. Execute operation:
- connectivity check (no auth):
discord-openapi-cli get:/gateway
- key/value:
discord-openapi-cli get:/guilds/{guild_id}/channels guild_id=GUILD_ID
- positional JSON:
discord-openapi-cli post:/channels/{channel_id}/messages '{"channel_id":"CHANNEL_ID","content":"Hello from uxc"}'
- binding check when auth looks wrong: �INLINECODE26
Authentication Methods Comparison
| Feature | Bot Token | User OAuth2 |
|---|
| Read channel messages | ✅ Full access | ❌ Not via HTTP API |
| Send messages |
✅ As the bot | ❌ Not supported |
|
Manage channels/roles | ✅ Bot permissions | ❌ Not supported |
|
Moderation actions | ✅ Bot permissions | ❌ Not supported |
|
List servers | ✅ Servers bot is in | ✅ User's servers |
|
Read user info | ❌ Not available | ✅ As the user |
|
Message appearance | Bot badge "BOT" | N/A |
Key Recommendation: Use Bot Token for almost all operations. User OAuth2 is only useful if you need to read user profile information as that specific user. For reading channel messages, managing servers, or sending messages, Bot Token is required.
Subscribe / Gateway Status
Discord inbound events flow through the Gateway WebSocket, not through this REST/OpenAPI surface.
Current uxc subscribe status:
- - the built-in
discord-gateway transport now bootstraps through �INLINECODE29 - live Gateway sessions reached
READY and delivered �INLINECODE31 - a real posted channel message produced a
MESSAGE_CREATE event in the subscribe sink - heartbeat scheduling,
IDENTIFY, sequence tracking, and reconnect handling are implemented
Recommended invocation:
CODEBLOCK8
Intent notes:
- -
4609 = �INLINECODE35 - add
32768 (MESSAGE_CONTENT) only when the bot has that privileged intent enabled in the Discord developer portal
Use discord-openapi-cli for REST calls and uxc subscribe start ... --transport discord-gateway ... for inbound Gateway events.
Guardrails
- - OAuth2 Scope Limitation: User OAuth2 tokens cannot read channel messages via HTTP API, send messages, or manage servers. These operations require Bot Token authentication.
- Discord OpenAPI spec is persisted in the generated link via
uxc link --schema-url ...; pass --schema-url <other-url> only when you need to override it temporarily. - Keep automation on JSON output envelope; do not use
--text. - Parse stable fields first:
ok, kind, protocol, data, error. - Prefer positional JSON for non-string objects instead of
--input-json. - INLINECODE49� is equivalent to
uxc https://discord.com/api/v10 --schema-url <discord_openapi_spec> <operation> .... - Treat
post:/channels/{channel_id}/messages, delete/update endpoints, and moderation endpoints as write/high-risk operations; require explicit user confirmation before execution.
References
- - Usage patterns: �INLINECODE52
- Discord API docs: https://discord.com/developers/docs
- Discord API OpenAPI spec: https://github.com/discord/discord-api-spec
Discord API 技能
使用此技能通过 uxc + OpenAPI 运行 Discord REST 操作。
复用 uxc 技能以获取共享执行、认证和错误处理指南。
前提条件
- - uxc 已安装并可在 PATH 中使用。
- 可访问 https://discord.com/api/v10 的网络连接。
- 可访问 Discord OpenAPI 规范 URL:
- https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json
- - Discord 机器人令牌(推荐)或 OAuth2 用户认证(功能有限)。
认证
选项 1:机器人令牌(推荐)
机器人令牌提供对 Discord API 的完全访问权限,包括读取消息、管理服务器、发送消息以及所有管理操作。这是大多数用例的推荐方法。
- 1. 在 https://discord.com/developers/applications 创建一个机器人应用
- 从机器人部分生成一个机器人令牌
- 配置机器人凭证:
bash
uxc auth credential set discord-bot \
--auth-type api_key \
--header Authorization=Bot {{secret}} \
--secret YOURBOTTOKEN_HERE
- 4. 将凭证绑定到 Discord API 端点:
bash
uxc auth binding add \
--id discord-bot \
--host discord.com \
--path-prefix /api/v10 \
--scheme https \
--credential discord-bot \
--priority 100
选项 2:OAuth2 用户认证(有限用例)
重要提示: 用户 OAuth2 有显著限制,不推荐用于大多数操作:
- - ❌ 无法通过 HTTP API 读取频道消息(仅限本地 RPC)
- ❌ 无法发送消息或管理服务器
- ✅ 可以读取用户个人资料、电子邮件、关联账户
- ✅ 可以列出用户的服务器
仅当您需要以用户身份访问用户个人资料信息时使用 OAuth2。对于所有其他操作,请使用机器人令牌。
如果您仍需要 OAuth2 进行用户个人资料操作:
配置:
- - 客户端 ID:1479302369723285736
- 重定向 URI:http://127.0.0.1:11111/callback
OAuth2 作用域:
Discord 用户 OAuth2 支持只读操作。它无法以用户身份发送消息或管理服务器(这些操作请使用机器人令牌)。
推荐作用域(完整功能):
bash
--scope identify email connections guilds guilds.members.read messages.read openid
最小只读作用域:
bash
--scope identify email connections guilds guilds.members.read
作用域参考:
| 作用域 | 描述 | 写入操作 |
|---|
| identify | 基本用户信息(用户名、头像等) | ❌ 读取 |
| email |
用户的电子邮件地址 | ❌ 读取 |
| connections | 关联的第三方账户(Twitch、YouTube 等) | ❌ 读取 |
| guilds | 用户的服务器列表 | ❌ 读取 |
| guilds.join | 将用户加入服务器(需要同一应用的机器人已在目标服务器中) | ✅
写入 |
| guilds.members.read | 用户在服务器中的成员信息 | ❌ 读取 |
| messages.read | 读取消息(仅限本地 RPC,
非 HTTP API) | ❌ 读取 |
| openid | OpenID Connect 支持 | ❌ 读取 |
注意: 用户 OAuth2 无法以用户身份发送消息或管理服务器。写入操作请使用机器人令牌。guilds.join 是一种特殊的用户 OAuth 写入能力,依赖于同一应用的机器人已在目标服务器中,因此不属于默认的只读流程。完整作用域列表请参阅 Discord OAuth2 文档。
两阶段 OAuth 流程(代理友好):
- 1. 使用所需作用域启动 OAuth 流程:
bash
uxc auth oauth start discord-user \
--endpoint https://discord.com/api/oauth2/token \
--client-id 1479302369723285736 \
--redirect-uri http://127.0.0.1:11111/callback \
--scope identify email connections guilds guilds.members.read messages.read openid
- 2. 在浏览器中打开显示的授权 URL,完成授权,然后从浏览器地址栏复制回调 URL。
- 3. 完成 OAuth 流程:
bash
uxc auth oauth complete discord-user \
--session-id <步骤1中的会话ID> \
--authorization-response <浏览器中的回调URL>
- 4. 绑定凭证:
bash
uxc auth binding add \
--id discord-user \
--host discord.com \
--path-prefix /api/v10 \
--scheme https \
--credential discord-user \
--priority 100
交互式替代方案(仅限本地终端):
bash
uxc auth oauth login discord-user \
--endpoint https://discord.com/api/oauth2/token \
--flow authorization_code \
--client-id 1479302369723285736 \
--redirect-uri http://127.0.0.1:11111/callback \
--scope identify email connections guilds guilds.members.read messages.read openid
然后在提示时粘贴回调 URL。
核心工作流程
- 1. 默认使用固定链接命令:
- command -v discord-openapi-cli
- 如果缺失,创建它:uxc link discord-openapi-cli https://discord.com/api/v10 --schema-url https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json
- discord-openapi-cli -h
- 2. 使用模式映射发现操作:
- discord-openapi-cli -h
- 3. 首先检查操作模式:
- discord-openapi-cli get:/users/@me -h
- discord-openapi-cli post:/channels/{channel_id}/messages -h
- 4. 执行操作:
- 连接性检查(无认证):discord-openapi-cli get:/gateway
- 键/值:discord-openapi-cli get:/guilds/{guild
id}/channels guildid=GUILD_ID
- 位置 JSON:discord-openapi-cli post:/channels/{channel
id}/messages {channelid:CHANNEL_ID,content:Hello from uxc}
- 当认证看起来错误时检查绑定:uxc auth binding match https://discord.com/api/v10
认证方法比较
| 功能 | 机器人令牌 | 用户 OAuth2 |
|---|
| 读取频道消息 | ✅ 完全访问 | ❌ 无法通过 HTTP API |
| 发送消息 |
✅ 以机器人身份 | ❌ 不支持 |
|
管理频道/角色 | ✅ 机器人权限 | ❌ 不支持 |
|
管理操作 | ✅ 机器人权限 | ❌ 不支持 |
|
列出服务器 | ✅ 机器人所在的服务器 | ✅ 用户的服务器 |
|
读取用户信息 | ❌ 不可用 | ✅ 以用户身份 |
|
消息显示 | 机器人徽章 BOT | 不适用 |
关键建议: 几乎所有操作都使用机器人令牌。用户 OAuth2 仅在需要以特定用户身份读取用户个人资料信息时有用。对于读取频道消息、管理服务器或发送消息,需要使用机器人令牌。
订阅 / 网关状态
Discord 入站事件通过 Gateway WebSocket 传输,而非此 REST/OpenAPI 接口。
当前 uxc subscribe 状态:
- - 内置的 discord-gateway 传输现在通过 GET /gateway/bot 引导
- 实时 Gateway 会话已达到 READY 状态并传递了 GUILDCREATE
- 实际发布的频道消息在订阅接收器中产生了 MESSAGECREATE 事件
- 心跳调度、IDENTIFY、序列跟踪和重连处理已实现
推荐调用方式:
bash
uxc subscribe start https://discord.com/api/v10 \
{intents:4609,device:uxc-discord} \
--transport discord-gateway \
--auth discord-bot \
--sink file:$HOME/.uxc/subscriptions/discord-gateway.ndjson
意图说明:
- - 4609 = GUILDS | GUILDMESSAGES | DIRECTMESSAGES
- 仅当机器人在 Discord 开发者门户中启用了该特权意图时,才添加 32768(MESSAGE_CONTENT)
REST 调用使用 discord-openapi-cli,入站 Gateway
