Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nuu-maan/Filly-Discord-Token-Filler/llms.txt

Use this file to discover all available pages before exploring further.

Discord tokens are stored in input/tokens.txt and are used to authenticate with Discord’s API when joining servers.

Token Format

Filly supports multiple token formats. Add one token per line in input/tokens.txt.

Supported Formats

The most common format - just the Discord token:
MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.GaBcDe.FgHiJkLmNoPqRsTuVwXyZ
OTg3NjU0MzIxMDk4NzY1NDMyMQ.HiJkLm.NoPqRsTuVwXyZaBcDeFgHi
This format is recommended for most use cases.

Token Extraction

The tool automatically extracts the token from any format by splitting on colons and taking the last segment: 
token_only = token.split(":")[-1]
This means all three formats above are valid and will work correctly.

Token Structure

Discord tokens have three parts separated by dots: 
USER_ID.TIMESTAMP.HMAC_SIGNATURE
Example: MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.GaBcDe.FgHiJkLmNoPqRsTuVwXyZ
  • Part 1: Base64-encoded user ID
  • Part 2: Base64-encoded timestamp
  • Part 3: HMAC signature for authentication
Never share your Discord tokens. They provide full access to your account.

Token Validation

Tokens are validated during the join process. Invalid tokens receive different responses:

Response Codes

200 OK
success
Token successfully joined the server. Saved to output/joined.txt.
401 Unauthorized
error
Token is invalid or expired. Automatically removed from input/tokens.txt and saved to output/invalid.txt.
403 Forbidden
error
Token is locked or banned. Automatically removed from input/tokens.txt and saved to output/locked.txt.
429 Too Many Requests
error
Rate limited. The tool will continue with other tokens.

Token Management

Automatic Removal

The tool automatically removes problematic tokens from input/tokens.txt: 
def remove_token(self, token: str) -> None:
    self.tokens = [t for t in self.tokens if t.strip() != token]
    self.tokens_file.write_text('\n'.join(self.tokens) + '\n')
Tokens are removed when they:
  • Return 401 (invalid)
  • Return 403 (locked)
Tokens that encounter captcha or rate limits are not automatically removed, as they may still be valid.

Duplicate Removal

Duplicate tokens are automatically removed when loading: 
def _load_tokens(self) -> List[str]:
    return list(set(self.tokens_file.read_text().splitlines()))

Join Tracking

Each token’s join count is tracked in memory: 
def increment_joins(self, token: str) -> int:
    self.token_joins[token] = self.token_joins.get(token, 0) + 1
    return self.token_joins[token]
Tokens that reach max_joins are saved to output/filled_tokens.txt.

Example Configuration

Basic Setup

input/tokens.txt
MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.GaBcDe.FgHiJkLmNoPqRsTuVwXyZ
OTg3NjU0MzIxMDk4NzY1NDMyMQ.HiJkLm.NoPqRsTuVwXyZaBcDeFgHi
MTExMjIyMzMzNDQ0NTU1NjY2Nw.JkLmNo.PqRsTuVwXyZaBcDeFgHiJk

With Credentials

input/tokens.txt
user1@example.com:password123:MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.GaBcDe.FgHiJkLmNoPqRsTuVwXyZ
user2@example.com:password456:OTg3NjU0MzIxMDk4NzY1NDMyMQ.HiJkLm.NoPqRsTuVwXyZaBcDeFgHi
cooluser:mypass:MTExMjIyMzMzNDQ0NTU1NjY2Nw.JkLmNo.PqRsTuVwXyZaBcDeFgHiJk

Mixed Format

input/tokens.txt
MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.GaBcDe.FgHiJkLmNoPqRsTuVwXyZ
user@example.com:password:OTg3NjU0MzIxMDk4NzY1NDMyMQ.HiJkLm.NoPqRsTuVwXyZaBcDeFgHi
username:pass:MTExMjIyMzMzNDQ0NTU1NjY2Nw.JkLmNo.PqRsTuVwXyZaBcDeFgHiJk
All three formats can be mixed in the same file. The tool handles them automatically.

Security Best Practices

Token SecurityDiscord tokens are equivalent to your password. Protect them accordingly:
  • Never commit tokens to Git repositories
  • Don’t share tokens with untrusted parties
  • Rotate tokens regularly
  • Use separate accounts for automation
  • Monitor token activity for suspicious behavior
Recommendations:
  • Keep input/tokens.txt in .gitignore
  • Use environment variables for sensitive tokens
  • Regularly check output/invalid.txt and output/locked.txt
  • Maintain a backup of working tokens
  • Test with a few tokens before running large batches

Troubleshooting

Common causes:
  • Tokens are expired or revoked
  • Incorrect token format (missing parts)
  • Extra whitespace or line breaks
  • Tokens from terminated accounts
Solutions:
  • Verify token format matches Discord’s structure
  • Remove any extra spaces or characters
  • Test tokens manually using Discord’s API
  • Generate fresh tokens
Common causes:
  • Too many requests too quickly
  • New accounts without verified email
  • Accounts flagged for suspicious activity
  • IP address is banned or flagged
Solutions:
  • Increase delay between requests
  • Use proxies to distribute requests
  • Verify email addresses on accounts
  • Use aged accounts instead of fresh ones
Common causes:
  • File permission issues
  • Token format mismatch (extra spaces)
  • File is locked by another process
Solutions:
  • Check file permissions on input/tokens.txt
  • Ensure consistent token formatting
  • Close other programs accessing the file

Token Privacy

Tokens are masked in console output for security: 
token_only = token.split(":")[-1]
masked_token = f"{token_only.split('.')[0]}.*****"
Example output: MTIzNDU2Nzg5MDEyMzQ1Njc4OQ.***** Only the user ID portion (first part) is shown in logs.