Allow unverified bots to delete themselves using the usual /users/@me/delete route #4580
-
|
The route mentioned is the same route used to delete human users, however, the human users have to supply the password as a confirmation, that bots naturally cannot, as they lack it. Same could also be applied to /users/@me/disable that is used to disable, rather than completely delete, themselves. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
What's the use case to allow bots to delete themselves? Deleting a bot is a very sensitive action, that cannot AFAIK be reverted. This could be easily abused if a bot's token is accidentally leaked. On another end, I may see a use case to a disable-like endpoint that actually revokes all active tokens (like what was suggested in #3213), eg. to automatically revoke the token as a part of a security/emergency killswitch mechanism. |
Beta Was this translation helpful? Give feedback.
-
|
If you want to delete a bot account it can be done via the developer portal. It makes absolutely no sense to expose this functionality to bots. |
Beta Was this translation helpful? Give feedback.
If you want to delete a bot account it can be done via the developer portal. It makes absolutely no sense to expose this functionality to bots.