Discord

Connect Discord to send governed messages and ingest inbound events via a bridge runtime.

What you can do#

Connect a Discord bot to your LumenFlow workspace. Sidekick can post messages to Discord channels and threads, and receive inbound messages via the bridge ingest endpoint.

ActionDescriptionStatus
Send messagePost to any Discord channel the bot can accessShipped
Reply to messageReply to a specific message by idShipped
Receive messagesIngest inbound events via signed bridge webhookShipped
Bot identity checkValidates bot token against Discord API on setupShipped
Approval routingRoute outbound messages through approval workflowShipped

Setup#

  1. Create a Discord Application at the Discord Developer Portal
  2. Create a Bot user and copy the Bot Token
  3. Invite the bot to your Discord server with appropriate permissions (Send Messages, Read Message History)
  4. Go to Settings > Connections in LumenFlow
  5. Click Add Connection > Discord
  6. Enter the Bot Token and optionally a default channel
  7. Click Save -- LumenFlow validates the token against the Discord API and stores it encrypted

warning If this Discord bot token is already connected to a different LumenFlow workspace, the install will be rejected. One bot per workspace prevents message routing conflicts.

Bridge ingest#

Discord does not natively push events to a webhook URL the way Slack or Teams do. LumenFlow provides a bridge runtime that connects to Discord's Gateway and forwards events to the ingest endpoint.

The ingest endpoint uses HMAC signature verification:

  • x-sidekick-signature -- HMAC-SHA256 of the request body
  • x-sidekick-timestamp -- ISO 8601 timestamp for replay protection

info The bridge runtime name and registration metadata are stored automatically during setup. Check the onboarding status panel for bridge health.

Security#

  • Bot token validated on save -- LumenFlow calls Discord's /users/@me endpoint to verify the token before storing it
  • HMAC ingest signature -- inbound events are signed with an encrypted shared secret
  • Rate limiting -- distributed per-integration and per-workspace limits
  • Scoped permissions -- only messages.write, channels.read, and messages.read scopes are accepted

Disconnecting#

To remove the integration, go to Settings > Connections > Discord and click Disconnect. This removes stored credentials from LumenFlow but does not delete the bot from your Discord server.