Overview
Every RestoreCord server uses a custom Discord bot for verification, member pulls, role assignment, snapshots, slash commands, and Discord API access. Keep the bot healthy before changing server settings or running recovery operations.
Bot tokens and client secrets are sensitive credentials. Anyone with access to them can control the Discord application. Regenerate exposed credentials in the Discord Developer Portal and update RestoreCord immediately.
Open Bot Management
Go to Bots
Open the RestoreCord Dashboard and select Bots in the dashboard sidebar.
Pick the bot
Each bot card shows its Discord username, client ID, live status indicator, and actions. Click Manage to edit a bot, or Invite Bot to authorize it into a Discord server.
Review shared access
Bots shared through sub-user access can appear in the list without exposing their token. Shared users can only perform actions allowed by their server permissions.
Bot Health
RestoreCord validates the bot against Discord before showing it as ready. A valid bot should have a working token, client ID, client secret, public key, and OAuth redirect URL.
Bot card preview
Matches the bot list layout used in the dashboard.
RestoreCord Bot#0001
RestoreCord Bot • 123456789012345678
- Health signal
- Valid bot identity
- What to check
- The bot can be fetched from Discord and shows the expected username and avatar.
- Health signal
- Online status
- What to check
- The status indicator confirms RestoreCord can connect the bot to Discord.
- Health signal
- Redirect URL valid
- What to check
- Discord OAuth2 contains the current callback URL, usually
https://restorecord.com/api/callbackor your custom domain callback.
- Health signal
- Server access
- What to check
- The bot is invited to every Discord server where you verify, pull, or restore members.
Credentials
The bot edit page validates credentials while you work. Use the visibility button only when you are in a private environment.
Bot Token
The bot token authenticates RestoreCord to Discord as your bot. If the token changes in Discord, paste the new token into RestoreCord and save before running server operations.
Client Secret
The client secret is used for OAuth verification. If the secret is reset in Discord, update it in RestoreCord so members can continue authorizing.
Redirect URL
The redirect URL shown in RestoreCord must exist in the Discord Developer Portal under OAuth2. Copy the exact URL from the bot edit page when the dashboard marks it invalid.
When a bot uses a custom domain, the redirect URL changes to that domain plus /api/callback. Add that domain callback in Discord before switching traffic to the custom domain.
Presence
Presence controls how the bot appears in Discord. This does not change permissions, but it makes the bot feel active and recognizable to members.
- Setting
- Status
- Available values
- Invisible, Online, Idle, or Do Not Disturb.
- Setting
- Activity type
- Available values
- None, Playing, Watching, Listening, or Competing.
- Setting
- Activity text
- Available values
- Optional custom text up to the dashboard limit. Invisible status clears the activity text.
Custom Domain
A custom domain gives members a branded verification URL and changes the OAuth callback used by the bot. Domain setup is handled from the bot's advanced settings.
Add the domain
Open the bot's advanced settings and start the custom domain flow. Enter only a domain you control.
Configure DNS
Follow the DNS records shown in the dashboard. Keep the dashboard open until the domain status moves out of pending.
Update Discord OAuth
Add the custom-domain callback URL to the Discord Developer Portal for that application.
Do not remove the old callback from Discord until the custom domain is active and tested. This avoids breaking active verification links during the transition.
Guild Management
The bot guild manager shows Discord servers where the bot is installed. Use it to audit unexpected installs or remove the bot from servers you no longer manage.
- Invite the bot to every destination server before pulling members or restoring a snapshot.
- Keep the bot role above every role it needs to add or remove.
- Only remove the bot from a server after you are sure no verification, migration, or snapshot operation still depends on it.
Restart and Delete
- Action
- Restart Bot
- Expected result
- Reconnects the bot service to Discord. Use after credential updates, Discord connection issues, or permission changes.
- Action
- Delete Bot
- Expected result
- Removes the bot from RestoreCord. If servers still depend on it, the dashboard can return a server list that must be handled first.
Deleting the wrong bot can break verification and recovery for every server attached to it. Confirm attached servers before deleting.
Operating Practices
- Use a dedicated Discord account for bot ownership, not your personal primary account.
- Keep Discord 2FA enabled when your server requires 2FA for moderator actions.
- Save credential changes during a quiet period, then test verification with a staff account.
- Document which RestoreCord servers depend on each bot before rotating credentials.
- Use custom domains only after DNS and OAuth callbacks are both confirmed.