Discord webhook 401 "Invalid Webhook Token" in CI
Discord returns HTTP 401 with {"code":50027,"message":"Invalid Webhook Token"} when the token segment of the webhook URL does not match a live webhook. Deleting and recreating a channel webhook issues a new token and invalidates the old URL.
What this error means
A notify step POSTs to the Discord webhook URL and gets HTTP 401 with message Invalid Webhook Token. No message is delivered.
< HTTP/1.1 401 Unauthorized
{"message": "Invalid Webhook Token", "code": 50027}Common causes
The webhook was deleted or regenerated
Discord webhook URLs embed an ID and a token. Deleting the webhook, or recreating it, produces a new token and the old URL returns 401.
The stored URL lost its token segment
A truncated DISCORD_WEBHOOK_URL secret missing the token after the ID authenticates as no webhook.
How to fix it
Recreate the webhook and update the secret
- In the Discord channel, open Integrations, then Webhooks, and copy the full webhook URL.
- Confirm the URL ends with /webhooks/<id>/<token>.
- Update the
DISCORD_WEBHOOK_URLsecret with the complete URL.
curl -sS -X POST -H 'Content-Type: application/json' \
--data '{"content":"build passed"}' "$DISCORD_WEBHOOK_URL"Check the HTTP status in the step
Assert a 2xx response so a dead webhook fails the notify step rather than dropping the message.
code=$(curl -s -o /dev/null -w '%{http_code}' -X POST \
-H 'Content-Type: application/json' \
--data '{"content":"build passed"}' "$DISCORD_WEBHOOK_URL")
[ "${code%??}" = "2" ] || exit 1How to prevent it
- Keep the full webhook URL, including the token segment, in a CI secret.
- Rotate the secret whenever the webhook is recreated.
- Assert a 2xx status so a broken webhook fails loudly.