TOKEN_INVALID error means your application attempted to authenticate with the Discord API using a token that Discord rejected as invalid, expired, or revoked. Without a valid token, your bot cannot connect to the gateway or make any API calls — it will crash immediately at startup every time. This error is always caused by a token problem, not a platform issue, so the fix involves verifying, regenerating, and correctly applying your bot token.
When Does It Occur?
You’ll see one of the following messages in your application logs at startup, depending on the library you’re using:Why Does It Occur?
Your application sends the token to Discord’s API during the login handshake. Discord rejects it when:- The token was regenerated on the Developer Portal (which immediately invalidates the previous token).
- The token was reset after a suspected leak or compromise.
- You accidentally copied extra whitespace or line breaks around the token string.
- You’re referencing a token from an environment variable that isn’t set in your Virtus Cloud application environment.
- You’re using a test token from a different application or a token that belongs to a different bot account.
How to Fix It
Verify your token is still valid
Open the Discord Developer Portal, select your application, and navigate to the Bot section. If you see a message that the token was recently reset, the token you’re currently using is invalid.
Regenerate the token
In the Bot section of the Developer Portal, click Reset Token. Confirm the action and copy the newly generated token immediately — Discord only shows it once.
Update the token in your environment
Never hardcode tokens directly in your source code. Store your token as an environment variable in the Virtus Cloud dashboard and reference it in your code using
process.env.TOKEN (Node.js) or os.environ["TOKEN"] (Python).If you store your token in a .env file or a config.json file that you upload with your project, update it with the new token value:Keep your library up to date
Outdated versions of discord.js or discord.py sometimes have authentication bugs that cause valid tokens to fail. Update to the latest stable version:Or update the version in your dependency manifest and redeploy:
Redeploy and verify
After updating the token and optionally updating your library version, save your files and redeploy your application from the Virtus Cloud dashboard. Watch the startup logs — a successful login will show gateway connection messages without any
TOKEN_INVALID or LoginFailure entries.Preventing Token Leaks
Use environment variables, not hardcoded tokens
Use environment variables, not hardcoded tokens
Store your token as an environment variable in the Virtus Cloud dashboard rather than in a file that gets uploaded with your code. This way, your token is never visible in your project files or version control history.
Add .env to your .gitignore
Add .env to your .gitignore
If you use a
.env file during local development, add it to your .gitignore so it’s never committed to your repository. A leaked token in a public GitHub repo will be detected and auto-revoked by Discord within minutes.Never share your token
Never share your token
If you continue to experience
TOKEN_INVALID errors after following these steps, contact the Virtus Cloud support team.