Skip to content
Latchkey

Discord webhook 401 "Invalid Webhook Token" in CI

Discord returns HTTP 401 with {"code":50027,"message":"Invalid Webhook Token"} when the token segment of the webhook URL does not match a live webhook. Deleting and recreating a channel webhook issues a new token and invalidates the old URL.

What this error means

A notify step POSTs to the Discord webhook URL and gets HTTP 401 with message Invalid Webhook Token. No message is delivered.

Discord API
< HTTP/1.1 401 Unauthorized
{"message": "Invalid Webhook Token", "code": 50027}

Common causes

The webhook was deleted or regenerated

Discord webhook URLs embed an ID and a token. Deleting the webhook, or recreating it, produces a new token and the old URL returns 401.

The stored URL lost its token segment

A truncated DISCORD_WEBHOOK_URL secret missing the token after the ID authenticates as no webhook.

How to fix it

Recreate the webhook and update the secret

  1. In the Discord channel, open Integrations, then Webhooks, and copy the full webhook URL.
  2. Confirm the URL ends with /webhooks/<id>/<token>.
  3. Update the DISCORD_WEBHOOK_URL secret with the complete URL.
Terminal
curl -sS -X POST -H 'Content-Type: application/json' \
  --data '{"content":"build passed"}' "$DISCORD_WEBHOOK_URL"

Check the HTTP status in the step

Assert a 2xx response so a dead webhook fails the notify step rather than dropping the message.

Terminal
code=$(curl -s -o /dev/null -w '%{http_code}' -X POST \
  -H 'Content-Type: application/json' \
  --data '{"content":"build passed"}' "$DISCORD_WEBHOOK_URL")
[ "${code%??}" = "2" ] || exit 1

How to prevent it

  • Keep the full webhook URL, including the token segment, in a CI secret.
  • Rotate the secret whenever the webhook is recreated.
  • Assert a 2xx status so a broken webhook fails loudly.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →