#github-notifications

Hello 👋

I am hoping to request additional details be provided on this event if possible. For any bot that has server log feature, intents have severely impacted our ability to have proper logs.

Due to the changes in intents, it has become nearly impossible to fetch all members on startup because it takes way too long for larger bots. That means we will not have members cached when a role is changed meaning we will always be forced to fetch audit logs on every single guildMemberUpdate o...

@advaith1 Alright, I'll change it back

hello

Maybe we should clarify that flags and public_flags are the same but flags is only for OAuth and public_flags is in the bot api? we should probably say "public flags" in the OAuth flags description too because that also only gives the public flags

This PR documents the Verified Bot (1 << 16) and Verified Bot Developer (1 << 17) flags.

@msciotti I assume Discord doesn't want to document 1 << 15 (Underage Deleted)?

Hellou

@night I've been reliably able to reproduce it with a single user on my account. Every other user is able to authorize the application, but this user consistently sends invalid codes back. Let me know how you want me to share the user / timestamp info.

We can generate multiple non verified id and join servers

Disabling certain features from unverified bots have some downsides, many servers have their own bot which they use for support purposes and more things - and other things that involve DMs.

In context of a public bot, 100 servers is a super tiny amount of servers and at that point re-branding should still be an option. But for bots that are in more than 1k or 2.5k servers, owners should be able to contact support for changing the bot's name for re-branding or whatever - permanently taking ...

finally! We see support for the owners of the bots after a period of time and we hope that this development takes place for a longer period not for once or twice for consecutive times.

Legends developers

Disabling certain features from unverified bots have some downsides, many servers have their own bot (1-2 server bot) which they use for support purposes and more things - and other things that involve DMs.

That feature could be opt-in, as in it comes disabled by default. Maybe show a warning above the message when an unverified bot DMs you?

In context of a public bot, 100 servers is a super tiny amount of servers and at that point re-branding should still be an option. But for bots...

I think name changes should be allowed, but perhaps a little note saying that this user used to be x? Just so people can know who it used to be. I also support the idea of requesting a name change, so then people are forced to think about if it's actually needed.

I'd rather add an option to request a name change in dev portal.

Adds missing GUILD_UPDATE and MESSAGE_DELETE_BULK events, adds information about receiving GUILD_MEMBER_UPDATE for the current user, and highlights special behaviors for GUILD_CREATE and REQUEST_GUILD_MEMBERS.

You have reminded me of something I meant to PR :smiley_cat:

The Privileged Intents section that follows does not mention close code 4014 Disallowed Intents, unlike the previous section, which mentions 4013 Invalid Intents.

The close code itself is already documented, but could you consider adding a similar reference to 4014 in this PR?

I'd rather add an option to request a name change in dev portal.
I think @alula's approach is by far the best option one suggested here regarding name changes, considering that disabling name changes all together could limit developers to an old "brand", even though they already moved on from certain name.
I think name changes should be allowed, but perhaps a little note saying that this user used to be x?
I don't think @Greenfoot5's approach is very good, because then you would only ...

it works for me, be more specific

CNR; It work's for me.

Applications page works for me too.

@night only for 64bit?

It works for me, with no issues. Try resetting your cookies.

Seems like a mistake where an integer was represented as "number", assuming it's a mistake since it's the only place number is being used as a type in the docs.

29ee1ce system_channel_flags should be type of integer ... - TheOnlyArtz

Thanks!

On the verification page, it says "Server Members Intent"

I've had people asking me what that is, because they're used to the Guild terminology. Why is it different on the verification page? Considering this is a page for API developers, it should be guild
because that's how it is in the docs when talking about the new intent system, example: https://discordapp.c...

Suddenly my bot token got invalid for some reason but it is valid

    at WebSocketManager.connect (/rbd/pnpm-volume/f6cd38b3-371c-445a-96bb-d7b449acbc8b/node_modules/.registry.npmjs.org/discord.js/12.1.1/node_modules/discord.js/src/client/websocket/WebSocketManager.js:135:26)
    at Client.login (/rbd/pnpm-volume/f6cd38b3-371c-445a-96bb-d7b449acbc8b/node_modules/.registry.npmjs.org/discord.js/12.1.1/node_modules/discord.js...

It is possible that the token was invalidated, or that you are banned.

• Check for an email from Discord stating whether your token has been invalidated or that your bot has been disabled.
• Regenerate your token on your bot's application page, and see if the new token works.
• Try running the same code with a different token for a different bot.

I tried

1. No email regarding that. Also i myself tried to find it but it's nowhere
   available even in my spam folder.
2. Tried that like 100 of times now.
3. Another bot is working perfectly fine with the same code.

On Sat, 11 Apr, 2020, 8:56 PM SinisterRectus, notifications@github.com
wrote:

It is possible that the token was invalidated, or that you are banned.

• Check for an email from Discord stating whether your token has been
  invalidated or that your bot has been disabl...

Hi all,

As the title says, I'm trying to access via API to the count of connected users to a voice channel. I've already used the discord API, and I have a bot on my guild.
I'm using raw HTTP petitions, using CURL for testing, i'll integrate it into an IoT project, so I can't use frameworks.
I can get channel details, guild members, but not users in a voice channel. I've read the entire api doc.

Any help please? Much appreciated

Not possible via the HTTP API. You need to track voice states received via the gateway WSS API.

Oh, that was a nice and fast response sir! Thanks!
Is a planned feature to add to the HTTP API?

Some data is only available via gateway. You can see these properties at the bottom of the guild resource table. I don't know why this limitation exists or whether it will change, and I don't work for Discord, so I can't give more information on that.

Images can be accessed with a size up to 4096.

yes

203cd31 Fix maximum image size (#1501) - Noctember

Application below will crash if discord is not running or is not installed. core will be null. The docs should mention that.

if (core) should be added before updating activity.

https://discordapp.com/developers/docs/game-sdk/sdk-starter-guide

#include "MyPawn.h"
#include "discord-files/discord.h"

discord::Core* core{};

AMyPawn::AMyPawn()
{
     // Set this pawn to call Tick() every frame.  You can turn this off to improve performance if you don't need it.
    Prim...

Since the last Discord update there is a REALLY annoying bug with the interface (if used via browser):
everytime you open a folder and click on a server, you get pushed on top of the server list and you don't join the server.

Once the folder is open you can scroll down again and join the server. You try with another folder? Same behavior, get bounced back on top and you have to scroll down again for join the server, it's a pain.

I've tried with Chrome and Firefox and both have the same...

You should send this bug in https://discord.gg/discord-testers
Read the info channels and guides there.

You should send this bug in https://discord.gg/discord-testers
Read the info channels and guides there.

Apparently I can't send the report since the Desktop reports are closed right now. Well I guess I have to wait and I'll leave my discord folder opened X'D

Maybe this should be reconsidered since bots can access user flags now (#1490)? Now bots can show most user badges without OAuth but not nitro and boost (and end-users might think that's a bug)

You think they left out nitro by accident? If bots could see that it would just make nitro scam bots even easier.

Well nitro is a different field (premium_type vs flags)

I do think this would be an amazing addition to the API, however I do see both sides. It would be irresponsible of Discord to allow application to use this value for harmful or bad intentions, as mentioned in the extreme cases above. Additionally, I do believe this could be a very good feature that bots could use to enhance features. In my opinion, The cons out-way the pros, however it wouldn't be a bad consideration. Also, in the extreme negative case, Wouldn't you agree that an application ...

BTW applications can already see a user's premium_type via OAuth (if the user authorizes), exposing it in the API would just make it easier for bots to access it

BTW applications can already see a user's premium_type via OAuth (if the user authorizes), exposing it in the API (like Discord has just done for flags) would just make it easier for bots to access it.

Same logic could be applied to a users connections or locale. It would be more convenient but there are other concerns than just convenience for bot developers.

@advaith1 I don't think "People will think it's a bug in the bot" or "I'd like to make it visible in a profile command" are big enough reasons to justify making it visible to every bot.

The way I'm understanding it, it's only visible behind an OAuth scope because most regular applications should never need it. Maybe some applications could do something a little extra with it (like with the profile command example, being able to mark the user as having Nitro in a profile command), but tha...

Why not make it whitelist only like the Privileged Gateway Intents?

You'd have to submit an explaination of why you want it.

@Artuto - If this feature was added, it'd take a while for all hundred or whatever Discord Libraries to even make a breaking change to allow this. Unless you're making requests to the API yourself.

@Artuto - If this feature was added, it'd take a while for all hundred or whatever Discord Libraries to even make a breaking change to allow this. Unless you're making requests to the API yourself.

I don’t this this is an appropriate reason for either argument. Any change or new feature discord adds has to also be added to every library. This is like saying that Discord shouldn’t release their new UX features because it will take libraries a good while to implement those. Also, popular lib...

When you send a request to the web API with the user-agent beginning with "Java/1." it returns Forbidden 403

Steps to Reproduce:

• Send a request to the discord API with the user-agent header beginning with "Java/1." (without the ""'s) and it should return Forbidden 403, I've tested it in Java and JavaScript and it always works when the user-agent header doesn't begin with "Java/1." (Note: it doesn't execute the "normal" code, as in it just returns 403 and nothing else)

Expected Resul...

It appears that it is Cloudflare doing the blocking. Having a look around and there are posts like this https://community.cloudflare.com/t/cloudflare-blocks-java-http-client/73621 So it seems that you may just have to use something else as your user-agent.

The recommended user agent is documented at https://discordapp.com/developers/docs/reference#user-agent.

I don't know if this is intended, but the documentation states:

Clients using the HTTP API must provide a valid User Agent which specifies information about the client library and version in the following format:

User-Agent: DiscordBot ($url, $versionNumber)

Clients may append more information and metadata to the end of this string as they wish.

Note the "must" in the first sentence. So, a user-...

Yes please, it would make everyone's life easier.

Just gonna add that I think name changes should have to be requested and approved by Discord to prevent someone from using the verified badge to make them look like someone they're not. While it may be inconvenient, this should be implemented because the verified badge gives a higher authenticity level to the viewer and could easily mislead them into thinking this is an official bot.

yo, so when I screenshare just one window (such as chrome) my friends cannot hear the video Im trying to show them. But when we do the opposite and im trying to listen to my friend's screenshare, it works without any problems.

I guess this is a bug. Just wondering how I can fix it because this is seriously so frustrating.

This is for API issues, not client issues. It looks like your issue is documented at https://support.discordapp.com/hc/en-us/articles/360032665831--Known-Issue-Screenshare-with-Audio-Not-Capturing-Chrome

FYSA:

Once a bot is verified, its ownership cannot be transferred--either from user to user or from a user to a team. Additionally, a bot's name cannot be changed in the Developer Portal or the API after verification.

Our support team is currently building out the infrastructure to help you transfer the ownership of verified bots and change the name of verified bots where necessary. If this is something you end up needing, please contact us at https://dis.gd/contact and we'll be ...

I don't think a proper ADT representation is possible because internally no such data structures exist. We always re-use the same primitive objects in additional types whenever possible. In reality all fields of a model could in theory be returned on a different type, and we have re-used fields in this manner for past feature releases. Someone could document the "fields that matter" for each type, though.

will be fixed in next api deploy

I agree that a big pain point with the docs is the consistency in describing the representation for objects in different contexts. The ways we communicate this include:

• Notes on the structure table: The Guild Object is painted with asterisks that denote which fields are only sent with GUILD_CREATE, similarly with the Message Object table for MESSAGE_CREATE fields.
• Blanket notes on the event: MESSAGE_UPDATE has a note saying "a message object, but every field is optional except...

We most likely would not add a count to these events, as they are related solely to the member object (not the guild). We do return member count in guild responses in some places (like guild ready or invites), so perhaps a feature request you could make would be related to a new event which gives you updates of that value or a way to request that value in the response via API.

491a8e5 Update org name and links (#1464) - discordleaf

All product copy in the developer portal refers to guilds as servers, so this representation is consistent with the current intentions of that copy. We are re-evaluating this and may change it in the future (but everything would be changed, not just this).

duplicate: #1498

I've marked this as documentation needed, but pull requests are welcome.

Generating a new token in the developer portal should allow you to send a successful API request. If not, most likely your token is being revoked in some way. Publishing it to a public GitHub repo or your bot being banned from our platform are common reasons. I would recommend reaching out to our support team if you suspect your bot is banned.

bc97a49 Additions to intents documentation (#1495) - SinisterRectus

b914f8d Document Verified Bot and Verified Bot Develope... - advaith1

3787619 Document public_flags property on User object (... - ThaTiemsz

4eaa6e1 fixes typo (#1485) - cherryblossom000

43cafe6 re-order permissions based on value (#1478) - XuaTheGrate

f65455b fixes game sdk activity manager link in oauth2 ... - spergmoment

2214b54 Remove channel_id from bulk delete options (#1468) - FasterSpeeding

4dac1cb Add optional info for Modify Guild Integration ... - crowlKats

fa9a133 move Modify Current User info above table title... - crowlKats

e3805e9 Document optional Connection object fields. (#1... - FasterSpeeding

e589790 Update the guild example with up to date fields... - discordleaf

this is not intended and will be fixed in next api deploy.

I definitely don't want to request that value via an API call. That's monumentally resource-intensive for both parties. Also seems like it would be resource-intensive to ask for a new event type, but that would be the desired solution on my end (less privacy concerns, less bandwidth, etc). Will open a new ticket

A channel might want to present a message with date/time information. Both the date and time may be important to the recipient. The presentation of the date and time should be controlled by the sender, but the date and time should be localized to the recipient.

Discord currently provides a simple mechanism for this. Embeds may carry a timestamp that is included in the footer of the embed. While the timestamp is localized when shown to the receiver, the format of the date/time cannot be cus...

84f1a1b Code Primer - Non-Unity Projects (Csharp) (#1436) - PoisnFang

a9d4e72 document email nullability on User (#1433) - FasterSpeeding

f9c79fa Update invite create event fields and example i... - FasterSpeeding

01665c4 document field nullability and optionality on t... - FasterSpeeding

Why not just emit GUILD_UPDATE instead of making a new event for it?

Username: @AST#0315

So what I have found is, when you open the section where it leads to your saved pictures or gallery on "MOBILE", you find a picture and you multiple tap it, the discord crashes.

This repo is for reporting API bugs and feature requests only

While we are on the subject for Date Time formatting, can Discord please include English AU: d/m/Y with 12h clock.

8468643 document field nullability for PATCH endpoints ... - FasterSpeeding

rather than linking to this document in multiple places, can we add a definition in our own docs which we give a brief explanation of and then link to this document?

As suggested by @night , opening up a new issue for this.

I would like a new event/intent that we can subscribe to that just gives us a guild id and a member count. Either a new event or adding it to GUILD_UPDATE?

Needing to have a privileged event just to keep track of the number of users in a server is unfortunate. It also makes difficult/impossible to have a stateless bot for DiscordServers

Acouple days ago I was experimenting with statuspage's webhook function, sending a status update to Discord via glitch. As part of this, I was checking if messages (including webhooks) could be published by bots so we don't have to do it ourselves
Now the thing is, I don't see any documentation about the /crosspost endpoint despite it working, I only found #1161 and unless I'm misunderstanding it, it seems like bots using the endpoint aren't supported? If that's the case then surely it mak...

Hm, where would a comment like this fit? Maybe I should put this comment under one of the models that use an ISO8601 timestamp, but which one... Any ideas?

@SinisterRectus encase you never got an answer, public_flags being optional seems to cover cases such as user objects for a webhook on message create events.

I'm not sure that's it, because out of about 55k users that my bot sees, about 25k have public_flags after start-up, with most (but not all) being greater than 0. The number of users with a value set appears to increase over time.

I have some case of users that have undefined flags. Fetching the User directly from the API gives me the correct flags.
I am not sure exactly why some user have public_flags directly set, and some don't?

this is being removed

you can place it on the reference page, which describes other generalities of the apis

let's not document this behavior. we want clients to authorize when using this endpoint.

`s` and `t` are `null` when `op` is not `0` (`DISPATCH` Opcode)

4a81f9b Document error code 30015 (#1509) - davfsa

The team did expose this to bots, but I do not believe it's documented. cc @jonzlin95 for context

The endpoint is now accessible to bots, but there’s a few things that don’t fully conform to our bot API standards which I need to fix up before I’d b be comfortable documenting it. It won’t be going away or changing externally, just something I haven’t had the time to get around to yet

Wait then the endpoint can be used by bots?

Alright, I think I did this pretty well (put it under the "HTTP API" section in the reference)

4ad33ab iso8601 + gateway payload nullability + update ... - A5rocks

This documents the unknown ban error (code 10026).

This document the new max_video_channel_users property on Guild.
This seems to not be defined in all guilds for now.

You need to verify your account in order to perform this action

Replaces int with integer in Teams.md, RPC.md, Gateway.md, Audit_Log.md

This seems to not be defined in all guilds for now.

Probably because server video is still rolling out

Can you fix the "Maximun" added in #1509?

Thanks.

If we can't still use those fields yet, Wouldn't it be better to reopen this issue?

Is there a recommended code to use in response to OP 7? 1012?

D#+ and d.py do 4000, but anything that isn't 1000 or 1001 will do.

I don't think we should be adding footnotes or detailed descriptions to an enumeration reference page. There should be just enough information in the table to give the code context, and maybe a link back to another page if necessary.

I agree with @Lachee... localization should include both adjusting to the user's local timezone, but also representing the date in a manner appropriate to their locale.

I would simplify this to "you should attempt to reconnect and resume immediately."

We switched to 4900 in JDA to avoid confusion. I would recomment to not use the 1xxx codes because they are protocol defined.

Shouldn't this be closed due to #1309? Tracking what invite is used is in #448 as Andre mentioned

@advaith1 yeah, ill just close it now

Currently, in an Embed Author Payload, the name parameter is optional, but it doesnt really makes sense for it to be. (https://discordapp.com/developers/docs/resources/channel#embed-object-embed-author-structure)

If you send a embed with an embed author that only specifies a icon_url, it will send the embed without any icon:

{
    "author": {
        "icon_url": "https://cdn.discordapp.com/avatars/377812572784820226/0e0eb1041867c2f760cfd1f8d71ae969.webp?size=1024"
    }
}...

Привет

e883b93 Remove really old warning from dispatch about a... - msciotti

One would expect that the mfa_enabled field is supplied if you have the IDENTIFY scope and the information is pertaining to the current bot user (e.g. in the READY event and the USER_UPDATE event). However, since no differentiation is made between the format of a regular User object for an arbitrary user on the API and the bot user object, this becomes overly unhelpful.

For example, USER_UPDATE events seem to miss out the mfa_enabled field; but the documentation implies that it is provided...

That ? for mfa_enables implies a nullable field, can you please clarify?

@TheOnlyArtz it implies it is optional. My question is, in what cases do I actually expect to receive it?

This is related to #1484 and the concept "fields that matter" and objects in specific contexts. I think it is a good idea to document these things moving forward.

Well, bots obviously can't have 2FA, so it's logical that you won't actually receive that fields for bots?

@SinisterRectus agreed. They should have been documented by whoever implemented them and had access to the source code in the first place.

@TheOnlyArtz ```json
{'avatar': '23556fd7bed640bd428e4731edcd741b',
'bot': True,
'discriminator': '0220',
'email': None,
'flags': 0,
'id': '658822586720976907',
'locale': 'en-US',
'mfa_enabled': True,
'public_flags': 0,
'username': 'Reinhard',
'verified': True}

i would argue that this is false.

mfa_enabled on a bot means the owner has mfa enabled.

@night so... why is it not specified for a USER_UPDATE in some cases?

mfa_enabled on a bot means the owner has mfa enabled.

How does this work for team owned bots?

to use teams you have to have 2fa??

so... why is it not specified for a USER_UPDATE in some cases? Is this an API bug or just a case of ambiguous documentation?

it could be an api bug. i would recommend figuring out a reliable repro and then opening an issue about it.

seems this is buggy behaviour

then opening an issue about it

that was the point of this issue :P

changing the avatar on the dashboard leads to this:

{"t":"USER_UPDATE","s":2887,"op":0,"d":{"username":"hikari","public_flags":0,"id":"572144340277919754","discriminator":"5863","bot":true,"avatar":"a0910b09c43b839ebe60c9b58a302803"}}

updating the application name on the dashboard leads to this:

{"t":"USER_UPDATE","s":22,"op":0,"d":{"username":"hikari","public_fl...

Well from my testing (where all changes I made using the bot dashboard) it seems to be that when I update the bot's username I get a full user object in the user update event and when I update the bot's avatar I get a partial user object.

With the partial user object I receive after updating the bot's avatar being in the following payload

{"t":"USER_UPDATE","s":19,"op":0,"d":{"username":"Reinhard2","public_flags":0,"id":"658822586720976907","discriminator":"0220","bot":true,"ava...

so yes, this is a bug then

I tried logging in to my bot, but I have 0 access to it.
I logged out of my discord account and logged back in before and now I dont have any access.
Please, I have a lot of commands on there and cannot restore them.
Please help.

This is not the support channel for botghost. I hope you figure out your issue though!

Oopsie whoopsie, Discord 🤔

iirc this changes based on the ratelimit precision header

The unit for that key in the JSON response has always been milliseconds

That night, we searched for the reason for the strange behavior when the rate -imit triggered in the library is Discord.NET and noticed that the time in the reset-after parameter goes synchronously with the seconds in our logs.

It's milliseconds.

It's generally assumed, that "Manage Channels" permission gives users and bots control over channels. That control is denied if a user doesn't have "Connect" permission.
Addition of this constraint is extremely counter intuitive and there's no reference to it anywhere. While it is somewhat clear that you can't edit that channel while in any client (the lock icon appears next to it), there's almost no way of knowing that when you're running a bot, as it just 403s with no further explanation.
...

I don't think we should be adding footnotes or detailed descriptions to an enumeration reference page. There should be just enough information in the table to give the code context, and maybe a link back to another page if necessary.

Amended.

I would simplify this to "you should attempt to reconnect and resume immediately."

Updated.

Whenever you refresh the website, it regenerates your bot token.

This is by design.
The tokens are generated with the current time so whenever you refresh, the token will change.

All previous tokens are still valid and you can use them, the only time the previous tokens are invalidated is when you click the "Regenerate" button.

Nono, when you refresh the website. Your token is regenerated by the way.

Okay thanks anyways

| 7    | Reconnect             | Receive       | You should attempt to reconnect and resume immediately.                                  |

f420044 Fixes #1476 - contradictory RECONNECT docs (#1515) - nekokatt

I just thought of something. My bot has to be sharded, so I usually use a second test bot token for my testing and new development. However now some of my features require privileged intents and I am unable to use those features on my test bot. I have to declare non-privileged intents when trying to use that bot. What would be the solution to this?

Should I get my test bot verified too? Could there be a way for a "test mode" for a token in the future?

@JMTK you can just enable the switches for the privileged intents in the dashboard

Gotcha, I think I misunderstood the limitation for verification. Thanks!

@educatalan02 Are you having issues with previous tokens being invalid and unusable when you refresh? Is that what this issue is about?

If not, please consider elaborating on your issue with more specific details. Otherwise, all we can really say is what PixeLInc already said.

In addition to this would I appreciate if we would get a way to know, how many bots and actual humans/clients are on a server.
Some of us use this information to f.e. not have the bot on "Bot" Discords (Servers with WAY more bots than users) which are often a waste of resources and bandwidth, even with the new Intents used.

Right now is the only way to get those numbers, to get the actual users and check if they're a bot or not, which adds extra steps and in cases like a Join event also r...

(sorry for all the people I notify with this)

Sorry to ask this now, but what exactly are public flags now and what are they used for?
Also, if they're really "can be seen by bots" as ThaTiemsz said in his original comment, why is it with scope identify documented?
For me are all things with OAuth2 code identify not viewable by bots, unless you clearly request this scope (which you normally wouldn't), so a bit of clarification would be appreciated here.

Notify affected users with a system DM and email. Once a spam bot has been detected, all users that have been direct messaged by the fake bot should receive a system DM telling them to secure their account by changing their password and enabling MFA on their account if they did accidentally type in their password or add the bot to their server.

I personally see some inconvenience (mainly on the side of Discord and their API) with this.
When a bot, that f.e. would be on 50+ Servers D...

(we discussed in Discord but I'm replying here in case anyone else is curious)

The OAuth scopes only apply when OAuth is being used, they are not related to bots. We should add another column to show which properties can be accessed by bots.

This addition serves to address another frequently asked question we receive in the Discord API server.
When one researches how to scale their bot, it is often not apparent to readers that you can connect:

• multiple sessions with the same [shard_id, num_shards]
• multiple sessions with different num_shards values

These details are often key when designing deployment systems that can scale without downtime, or more fine-tuned load balancing.
While the current documentation doesn'...

I'm having the same issue, when I attach a image with the embed, the image shows just fine in the embed, but there is no way to remove the attachment again from the embed. Please help!

message.nonce being nullable is unintended behaviour according to @night (see #1447 for source)

Oh I see.

what

This makes no sense

This is rewrite of the section on heartbeating that clarifies some very frequent questions surrounding heartbeating asked in the Discord API server, such as:

• Q: When do I send my first heartbeat? Immediately, or after the first heartbeat_interval period?
  A: You can start at any time before the first heartbeat_interval period elapses.

• Q: If I receive opcode 1, do I respond with a heartbeat ack?
  A: No. While already documented as such, this PR should hopefully make this less...

Perhaps slightly unrelated, and maybe better fitting for another issue, but: Is there any recommendation for a minimum amount of time we should wait for a session to be issued? Or is it just, we should always wait an indefinite amount of time? I would presume an indefinite amount of time, but perhaps some clients may want to implement a timeout for this, for one reason or another.

I believe the current advice is fine; as long as the gateway continues to heartbeat & ack, you can expect the service to be responsive. If you are otherwise required to reconnect, Discord will send you the appropriate close frame, Opcode 7 Reconnect, etc.

Clients are of course still free to implement a timeout in a hypothetical situation they send an IDENTIFY and experience a very long delay before READY, but this is probably unwise; if the gateway is still issuing heartbeat acks, try...

09204b8 New member count fields on get guilds - msciotti

We're deploying a new parameter on GET /guilds/, with_counts. This acts similarly to the way that we resolve invites in our client and returns approximate member and presence counts for the guild.

We've heard a lot of folks with the use case of wanting to keep counts for usage of the bot, or members on a server, and the only way to do so was caching guild members. Now, that is no longer necessary :)

What are the deviation rates of the new fields? will it vary from large to small guilds?

@RogueException or @jhgg could speak better to that - I'm not sure what the variation is.

Looking here shouldn't the new fields be optional? as they are not going to get sent by the API if we didn't ask to.

1efa5a7 optional - msciotti

• approximate_presence_count
• approximate_member_count
  both won't be sent from the API if we didn't want them to say they should be marked optional.

This new parameter wouldn't go far enough to discontinue caching guild members for statistical purposes if the numbers are approximate. Not that I expect perfection, but "approximate" part of this concerns me and I'd feel better about just continuing to cache members in order to ensure a more accurate count.

@tjrgg may I ask the reason why this count would not be good enough for you? What is your use case that requires precise numbers?

@msciotti Accuracy is very important to me for analytical and statistical purposes. I want to be able to see how the member count changes over time, even if just a little, which requires that the numbers I get are precise.

To be fair, now that I've thought about it, this would probably not do anything for me to help my use case anyway, as I would like to gather statistics on information that I just wouldn't be able to get, such as member vs bot count, number of online vs offline members, etc.

@tjrgg it might be beneficial once this goes live to have both systems running side by side to see what the actual deviation rate is from what you observe vs what discord reports?

I too would love highly accurate number counts and have the same apprehensions fwiw but am not sure how realistically close to the actual number either methods will be.

Looks like approximate_member_count and approximate_presence_count aren't documented in the Guild object yet, they should probably be copied from the Guild Preview object.

@srhinos Yep, that's exactly what I intend to do. Hopefully, others can do the same. For me, I'm not targeting guilds with tens of thousands of members, so these numbers may be good enough for me. Though, they still don't tell me how many bots are in the guild, for example, so I may need to use the guild member intent anyway.

I'll experiment with both and see which method reports the most accurate number and use that for analytical purposes. I like the thought of not having to cache member...

Looks like approximate_member_count and approximate_presence_count aren't documented in the Guild object yet, they should probably be copied from the Guild Preview object.

#1529

guild_id should not be nullable in a message reference context, but it could be undefined. do you have an example where this is true so we can investigate?

52c044e replaces int with integer (#1514) - GeopJr

a175cc7 document error code 40002 (#1513) - muddyfish

8b53426 document error code 10026 (#1511) - cherryblossom000

They aren't optional in the Guild Preview; there hasn't been a with_counts parameter announced on the guild preview endpoint, and there isn't one currently.

0776338 clarify num_shards does not limit all possible ... - z64

this explanation gives too much ambiguity and flexibility. the reason the original phrasing worked is because it told a user exactly what to do for heartbeating.

while there's some original ambiguity around when to begin the heartbeat, we should instead just clarify that it should be sent after heartbeat_interval millseconds, and every heartbeat_interval milliseconds thereafter

If you could separate users and bot accounts somehow, that would be great. Large bots face issues with bot bank servers; some users collect tens-hundreds of bots into one single server with less than 3-5 users in it. Some bots have a feature implemented, to leave these pointless guilds, to avoid unnecessary resource usage. ( Not to talk about reconnecting to 80k servers, and having these bot collector servers at the same time. )

Sure, that sounds fine to me. The reason I proposed this, is @jhgg (iirc) once gave an explanation that the desktop client waits a random amount of time less than the interval before starting to heartbeat, which helps prevent bursts of traffic at heartbeat_interval periods when reconnecting waves of sessions at once on Discord's end.

I recognize that bots are only a small subset of this traffic, and the same thinking likely doesn't matter as much - so I'm happy to reword this if we want ...

If you could separate users and bot accounts somehow, that would be great. Large bots face issues with bot bank servers; some users collect tens-hundreds of bots into one single server with less than 3-5 users in it. Some bots have a feature implemented, to leave these pointless guilds, to avoid unnecessary resource usage. ( Not to talk about reconnecting to 80k servers, and having these bot collector servers at the same time. )

This is not the first time we've heard this, but we are lik...

Perhaps we can look into adding limits on the number of bots which can join a guild.

Whilst there are definitely some guilds which abuse bots, there are legitimate reasons for having a large number of bots in a server, such as bot listing sites which track updates to bots automatically through presence.

if we want to support that use case for bots too, we can provide sample code involving random like

after `heartbeat_interval * random.random()` milliseconds

Out of curiosity what about bots that have "stats" commands like how many total users.

In order to show how many total users I was adding up the memberCount(although not entirely accurate, its pretty close). I don't think this endpoint is a good solution for this use case. I would need to make thousands of requests 1 per server to figure out the total amount of users?

Perhaps we can look into adding limits on the number of bots which can join a guild.

This sounds like a decent idea. If I might suggest my take on it: Limit a guild to some number of bots (perhaps 50?), but then allow servers to be whitelisted to bypass this limit. This limit could be bypassed if the person adding the bot is the bot's owner (there's already a check to see if the user is the bot owner, when the bot is set to private, so it could possibly be reused).

Then, when a server...

If you pin a message in a dm channel, you can get guild_id as null.

This was once mentioned to add an additional column to the User structure, to indicate which of the fields are actually readable by bots and which aren't

Now I want to suggest to perhaps do that for multiple places, as it isn't always entirely clear, what things are usable/readable by bots and what isn't.
It would help a lot reducing possible confusion and all those "Why can't my bot use x?" questions. It woul...

I see. It looks like we added this into dm contexts then. this will be fixed in next api deploy

Isn't the reference object needed so the auto pin message links to the message that was pinned?

I also have one concern: currently, member counts are updated passively when we receive websocket messages for member update, but with this API, you need to either

1. make API request for each guild the bot wants its count for
2. cache the value, which is not always accurate (because, without the member update message, how do you know when the cache is invalid?)

For example, this is a discord.py code:

member_count = 0
for guild in bot.guilds:
    member_count += guild.member_co...

I feel like it would be useful to know when someone was banned when you look up a specific bans or all bans in a guild. You can't use audit logs to get this info since those only last 45 days.

@apple502j

2. Or, include member counts to Guild Update event - no API requests!

https://github.com/discord/discord-api-docs/issues/1488#issuecomment-613057248

This has already been asked for and denied.

I have asked for a new event (that wouldn't require a privileged intent) to mitigate this issue in here: https://github.com/discord/discord-api-docs/issues/1508

isn't @everyone role id = guild id?

            "id": "2909267986263572999",

@night Could you maybe give a short example how this covers

with the use case of wanting to keep counts for usage of the bot

Maybe I'm not imaginative enough because I have to agree with the previous posters that for 100 guilds that would mean 100 API requests, for 10k guilds 10k API requests, etc. That sounds like an awful deal for all parties involved.

I'll add a real life example, both for you to see (yet another) one, and maybe other folks wanting achieve this kind of tracking....

But you dont get the time using the Snowflake id of the ban?

Ban objects do not have their own snowflake, only a user reference and reason string.

https://discordapp.com/developers/docs/resources/guild#ban-object

As previously noted above, the proposed change doesn't realistically/adequately solve the issue stated in the OP. This does, however, get us halfway to solving the bot collection guild issue without the need for privileged data.

1. Discord shouldn't be trying to determine legitimate use of guilds with a large number of bots in guilds unless it's moderative in the hopes to protect Discord's service/platform. As stated above, there are both legitimate and illegitimate reasons to have a bot c...

this would also be useful to display in the UI

Connect seems to behave like VIEW_CHANNEL on voice channels. EIther this is a bug or this needs to be documented just like the VIEW_CHANNEL permission.

approximate_member_count?   | integer                                                                             | approximate number of members in this guild               |

Some time ago was the PR for public_flags merged, yet the documentation itself doesn't contain this information.
Additionally does it not explain in any way the specifics of said public_flags like f.e. which flags are available through it, if they require any specific setup or handling and some other info I currently can't think of.

So I ask here now for some clarification to these questions:

• Are public_flags usable by bots wit...

Are public_flags usable by bots without any additional OAuth scopes (Advaith answered it already but an "official" response from a Discord staff would be appreciated)

ik you want an official response but you can just test it lol, bots are using it in production without oauth

What flags are actually within the public_flags? Every flag from the flags field of the User object? If yes, why even have a separate field then and not just allow access to the fields option?

• it's every **...

the OAuth flags property is the same as the public_flags.

the flags property ... includes all flags, including private/undocumented ones.

So are they the same or not?

Yes. It is hard to tell from the PR alone - because the documentation is not live yet - but [flags](#DOCS_RESOURCES_USER/user-object-user-flags) is an anchor link to the user flags table.
This is indeed meant to convey that all possible user flags values may also show up in public_flags. The only "difference" is public_flags is populated for Bot clients, and flags is not.

public_flags = OAuth flags = only public/documented flags
Get Current User flags is different and has all flags

So to sum it up (kinda):

• public_flags are all the flags listed on the documentation
• Unlike flags do they not contain undocumented flags (i.e. underage deleted or whatever that was) or like the premium type of a user.

yeah kinda, but flags is different based on how you get it:

• in OAuth, it's only the public flags, same as public_flags
• in Get Current User, it's all flags

That's confusing.

That's confusing.

...which is why I opened this issue. To get some actual clarification.

It isn't useful to bring undocumented flags into the discussion - it just adds to the confusion.
Bit flags in the API follow the same policy as any other undocumented data in the API. The flags fields may contain any integer value. You are only ever guaranteed to be able to reliably enumerate the documented ones in the singular User Flags table. Any other bit may be set at any time, in any context, just as any object may carry any number of undocumented fields.

flags was a confusing user model value because it is internally a combination of public, private, and internal flags. we expose public and/or private flags on flags depending on the request context, which was hard to reconcile when we wanted to bring flags into the base user model serialization we serve network-wide.

as a result, public flags were pulled out into public_flags for just the public flags. flags still contains public flags to be backwards compatible (for now). for th...

Thanks for the clarification @night!

I think I now finally understand this whole setup and look forward to it.

I'd like to see Discord applications have fields in their options to specify links for the privacy policy and terms of service for the application. The purpose of this would be to allow users to have proper notice if using a developer's bot is subject to any conditions and give notice to users of the developer's privacy practices, including what end user data the bot developer collects and how they use that end user data.

Of course, it wouldn't be good enough to just have the fields in the...

Fixes #1516. Denotes that the "name" field is required for author embeds.

I don't like the idea of being contractually obligated to visit an external site for an application that could otherwise be served entirely through https://discordapp.com.

I don't like the idea of being contractually obligated to visit an external site for an application that could otherwise be served entirely through discordapp.com.

Maybe add fields for the Privacy Policy and ToS text and serve it through Discord?

Would this be something developers have to do? Or would it be optional to non-verified but required for verification.
Also, I think for some developers (myself including) could be very difficult to make something like this as we have no experience. While tools may be made, they will likely also take time to make and in the meantime it could confuse many developers that don't have a need (currently) to focus on the legal side of things.

Maybe add fields for the Privacy Policy and ToS text and serve it through Discord?
Maybe.

I'm not a lawyer, but the idea sounds like it requires Discord to legally endorse a bot or the bot's policies, which seems contrary to the ToS:

You shall include in your Applications, website and other relevant locations a disclaimer stating that your Applications, website or any services is or are not endorsed or created by Discord.

It would be pretty useful simply to have a free-text "about this bot" field in the bot settings page, and an UI that allows end users to access that text in a common way -- e.g. from the bot's profile popup.

Dedicating it specifically to ToS and privacy policy is probably best avoided -- it seems to imply a small can of worms, as Sinister points out. However, just having a standard place to look for usage instructions for a bot would be a UX improvement. If we imagine a size limit of 200...

It would be pretty useful simply to have a free-text "about this bot" field in the bot settings page, and an UI that allows end users to access that text in a common way -- e.g. from the bot's profile popup.

could just use the existing application description field and show it in more places (currently it only shows in the Authorized Apps settings page)

could just use the existing application description field and show it in more places (currently it only shows in the Authorized Apps settings page)

That would indeed go a long way.

However, I think that for an app that both ask some users to authenticate with Oauth2 and has a bot present in a guild, a user wondering "what is this app I authorized for my account?" will generally need a different kind of answer than the user who wonders "what is this bot I see in the user list in th...

The incoming change in #1528 adds HTTP guild properties approximate_member_count and approximate_presence_count for users who do not or cannot track these numbers with gateway events. For the sake of consistency, I recommend that presence_count be added to guilds received via the GUILD_CREATE event. This would allow users to have an initial presence count without having to make an HTTP request for every guild on initialization and without having to request presences (assuming they hav...

it is not required, so it shouldn't be documented that it is

This would be VERY helpful for getting statistics to dashboards without the use of IPC or a bot instance. Very very good PR! 👍

Updates widget/embed stuff in the Guild page according to my discussion with night in Discord Developers

I know it was server before as well. But shouldn't guild be preferred? Considering this is a guild object structure and not a server object structure. Maybe a nitpick.
Otherwise looks ok.

They're referred to as servers in many other parts of this page too

I guess it should be fixed in a separate PR. It's just annoying with all these inconsistency

this api is working as intended. embeds are built with an "all fields optional" approach, with exception to fields, where a name and value are required. this is to remain compatible with our service embeds, like slack embeds, which may have embeds missing fields. the client best-effort renders embeds based on the fields provided within it, but we don't render this case because the embed would seem broken if we did

I don't like the idea of being contractually obligated to visit an external site for an application that could otherwise be served entirely through https://discordapp.com.

I'm not sure I understand what you mean. I'm not proposing any new contractual obligations. I'm only proposing that Discord give developers a way to notify users of the developer's privacy practices and conditions. I brought up consideration for a requirement for verified bots, but that's less important to me than the ...

It would be pretty useful simply to have a free-text "about this bot" field in the bot settings page, and an UI that allows end users to access that text in a common way -- e.g. from the bot's profile popup.

Dedicating it specifically to ToS and privacy policy is probably best avoided -- it seems to imply a small can of worms, as Sinister points out. However, just having a standard place to look for usage instructions for a bot would be a UX improvement. If we imagine a size limit ...

Would this be something developers have to do? Or would it be optional to non-verified but required for verification.
Also, I think for some developers (myself including) could be very difficult to make something like this as we have no experience. While tools may be made, they will likely also take time to make and in the meantime it could confuse many developers that don't have a need (currently) to focus on the legal side of things.

My thought is it would simply be an option, howev...

This could be used to identify which roles are for bots or boost/twitch. Some bots may want a reliable way to identify which role is their "bot role" and this could be an easy way to provide a backwards compatible option for this, since in the future discord might add other managed roles that can be applied to bots.

My opinion is that the inclusion of third-party terms of service or privacy policies, or references to them, as an official part of a bot's authorization flow effectively requires users to agree to them when adding the bot to a server, or maybe when directly interacting with the bot or when sharing a server with the bot. I do not think it is a good idea to require Discord users to agree, sometimes implicitly, to arbitrary third-party terms or policies that can be abusive, changed at-will, and...

@SinisterRectus Fair enough, man. I don't particularly agree, but I do understand your point. I am of the opinion that any public bot should already have these things and this would be a way to give users more proper notice that inviting the bot to a server is subject to them.

I would prefer something like than a makeshift solution, which I'm having to do now. There are plenty of other services where this kind of feature is standard. In fact, many of them require that you have at least a p...

Sources:

• https://discordapp.com/channels/81384788765712384/381871767846780928/610143340238733322
• https://www.reddit.com/r/discordapp/comments/couffh/is_discord_going_to_undo_the_recent_api_change/ewmd8f0/

f328949 Add fields to guild object - msciotti

Oh I faked the ID which is why it's different.

09177b8 match everyone role id and guild id - msciotti

Endpoint is live! So, merging PR.

I appreciate the comments here; as with most things, we do not intend for one change to solve every imaginable use case. The use case here was people asking "Hey, it'd be great to be able to get a count for guild numbers without using the gateway". And this solves that use case.

A couple suggestions I've seen here:

Add with_counts to /users/@me/guilds - less API requests!

It is less requests, but also a ton of data to query, and scales badly f...

27eea4f New member count fields on get guilds (#1528) - msciotti

Why not just say something like

After receiving the heartbeat_interval, you can start sending heartbeats. You can send the first heartbeat within heartbeat_interval, or wait until the interval has passed to start.

I feel like documenting it to this level of granularity risks people introducing bugs if Discord does decide to change this slightly in the future.

ca76b29 Update member and presence counts on guild obje... - msciotti

• Fixed missing ? for optional Guild#approximate_member_count
• Documented a new field that Mason put in an example somewhere:
  Guild#max_video_channel_users. I assume this is optional, but I
  am not sure of the exact situations; I assume it will not be null
  though.
• changed Guild#permissions to say "excludes overwrites" instead of
  mentioning channels specifically. Partially did this because I just spent
  10 minutes reformatting the table and didn't want t...

Documented a new field that Mason put in an example somewhere:
Guild#max_video_channel_users. I assume this is optional, but I
am not sure of the exact situations; I assume it will not be null
though.

dupe of #1512

documented that the guild embed is also known as the widget

semi-dupe of #1536 but inaccurate because it was renamed and referring to it as embed is deprecated

@advaith1 true, I didn't realise that until now. At the risk of sounding like I am being awkward, probably worth merging it here rather than removing it again and then having to fix the merge conflicts in the other issue, which seems to be inactive for the past week

I do not think it is a good idea to require Discord users to agree, sometimes implicitly, to arbitrary third-party terms or policies that can be abusive, changed at-will, and/or written by someone with no legal education or background.

Please take what I'm about to say, with the knowledge that I am not a lawyer, and that I may not be fully correct.

This is not how contract law works.

A developer cannot simply make a change to the contract, and suddenly make that change apply retroa...

@LikeLakers2 Just to clarify, are you saying that we should not be concerned about agreeing to terms/policies because they are not enforceable when poorly administered?

@SinisterRectus I can't say whether some terms/policies are enforceable or not, because saying something "poorly administered" (legally speaking) requires considering a lot more than just a hunch. It needs to consider the specifics of the terms/policies, as well as the circumstances surrounding it, and possibly more.

All I can say is that abusive contracts are probably unlikely to hold up in court, and that contracts can't just... be changed, as both signers of the contract need to know ...

I don't disagree with you, I'm just saying that, when using a Discord bot and if given the opportunity, I'd rather not agree to potentially bogus terms than have to agree with them and later prove that they are bogus.

You could have that same problem with websites, though. What's the difference between a Discord bot having terms/policies, and a website having terms/policies? Is it that it's a bot? Is it that the bot is more likely to have bogus terms in your mind?

Not sure how to answer that question since I'm not sure of the relevance. I don't think that there is a meaningful difference.

Maybe if someone can give a scenario where a Discord user would need to be "subject to additional terms and policies" by adding or using Discord bot, or why the standard Discord terms do not cover "what end user data the bot developer collects and how they use that end user data", then I can better understand this. Keep in mind you don't have to convince me, I'm ju...

I am curious if this feature request is attempting to solve a problem, or is a matter of convenience for the end user (when a developer chooses to opt into the system by providing said links).

If the former, then the point Sinister brings up 'why the standard Discord terms do not cover "what end user data the bot developer collects and how they use that end user data"' would need to be addressed.

If the latter, then it sounds like a matter of personal opinion that bots should be encoura...

I don't disagree with you, I'm just saying that, when using a Discord bot and if given the opportunity, I'd rather not agree to potentially bogus terms than have to agree with them and later prove that they are bogus.

This is avoided by reading the terms and understanding what you're agreeing to. If you don't like them or think they're bogus, don't agree and find another bot. Frankly, there's plenty out there and they'll all likely have different terms.

I am curious if this feat...

I do not think it is a good idea to require Discord users to agree, sometimes implicitly, to arbitrary third-party terms or policies that can be abusive, changed at-will, and/or written by someone with no legal education or background.

@SinisterRectus Please take what I'm about to say, with the knowledge that I am not a lawyer, and that I may not be fully correct. (However, I think I know enough to at least have confidence in what I'm saying)

This is not how the law works.
...

This feature request is trying to solve the problem of users being able to add bots and not being presented with the developer's privacy policy before it starts processing end user data. The user is given no notice about who the developer of the bot is, what information that developer collects with their bot, and how that information is going to be used. You might potentially be able to find a website for the bot with this information or it might be contained within the bot, but both of tho...

@mr-calrissian In my view, the solution you've stated isn't a solution at all. It isn't the user's responsibility to try and find this information. As a developer of an application that uses end user data, it is my responsibility to ensure that the end user receives notice. It's less of a convenience to end users than it is an easier way to comply with privacy laws for developers.

If you think what you're doing as a developer is good enough, then by all means keep doing what you're doing. ...

Not sure how to answer that question since I'm not sure of the relevance. I don't think that there is a meaningful difference.

Maybe if someone can give a scenario where a Discord user would need to be "subject to additional terms and policies" by adding or using a Discord bot, or why the standard Discord terms do not cover "what end user data the bot developer collects and how they use that end user data", then I can better understand this. Keep in mind you don't have to convince me...

Your original proposal appeared to me to impose additional, external conditions, terms, or policies on bot users supplementary (rather than complementary) to the Discord ToS and privacy policy:

Of course, it wouldn't be good enough to just have the fields in the application settings. Discord should use the links provided to notify the user via the authorization flow to let users know that the application/bot they are authorizing is subject to additional terms and policies.

That is wha...

I am trying to create a bot via the Discord Developer Portal. I created an application and it's bot. I control the bot with this C++ library.

Yesterday everything worked fine. However today I found the bot to be offline and the C++ program can't reach it. I made sure the token is correct and even created an entirely new application. But for some reason the bot is always offline.

Are you getting an error? Have you tried asking in that librar's support server?

Hello, I am having some problems with a bot coded in python, the problem I'm facing is that when I turn on the bot all seems to works good, but after a time working (aproximately 12h) It suddenly shut down with this error:

Traceback (most recent call last):
  File "/home/diego_cuenca_prieto/.local/lib/python3.5/site-packages/discord/gateway.py", line 470, in poll_event
    msg = await self.recv()
  File "/home/diego_cuenca_prieto/.local/lib/python3.5/site-packages/websockets/protoc...

Can you try

curl https://discordapp.com/api/v7/gateway/bot -H "Authorization: Bot TOKEN"

(leave the Bot there but change TOKEN to your bot's token)
in your terminal from where the bot is running and send the response?

Yes, I do it and I get this:
{"message": "401: Unauthorized", "code": 0}

I am doing that but shouldn't the bot be online whether or not I run a program on it?

no, the bot will be offline unless it's connected to the gateway

No, that's not how bots work. Anyway, this repository is for reporting bugs with the API.
Feel free to join discord.gg/discord-api if you need more help with this.

Ok thanks.

@SinisterRectus I'm not suggesting that bot developers impose additional terms and policies because this can be done already and often is with large bots. The issue is that end users don't always receive proper notice that adding a bot is subject to those terms and policies. Put another way, my proposal would allow users to receive notice when additional terms and policies exist before adding a bot to a guild instead of no notice at all. It's better for everybody if end users receive this not...

For the avoidance of doubt, this proposal is NOT intended to require developers to have their own privacy policy or terms. I'm proposing these fields as OPTIONAL fields for those that might want to use them. I've updated the description to better reflect this.

Small "a vs. an" typo in the channels invite creation section.

Your token is may be expiring due to too many identifies with our gateway. You are limited to 1000 identifies per day.

It would be useful if we could set the name color of a webhook message instead of it always being white, just like how you can set the username and avatar URL in the post request.

Also, it would be useful if we could edit webhook messages after sending them.

Mason said it would be fine to put both of these in one issue.

thanks

thanks

thanks

(Please react with 👍 instead of manually commenting thanks - commenting sends out notifications which can become quite high volume with everyone chiming in!)

(Please react with 👍 instead of manually commenting thanks - commenting sends out notifications which can become quite high volume with everyone chiming in!)

thanks

thanks discord

There is also going to be a nonce but I haven't been able to get that to work yet.

I'm welcome for better description suggestions. I escaped < and _ because I can't make assumptions on the renderer.

@spotlightishere ​​​᠎What the fuck did you just fuckiwg say about me, you wittwe bitch? I’ww have you kwow I weached the top of the page ow FuwAffiwity, awd I’ve beew iwvowved iw wumewous secwet cowvewtiows wowwdwide, awd I have ovew 300 cowfiwmed yiffs. I am twaiwed iw gowiwwa fuwsuitiwg awd I’m the top suitew iw the ewtiwe US fuwwy fawdom. You awe wothiwg to me but just awothew weeaboo. I wiww yiff the fuck out of you with pwecisiow the wikes of which has wevew beew seew befowe ow this Eawt...

@msciotti spam ^

it's not spam, its a genuine reply

DISCORD IS SILENCING ME

now you can know when it's "done" by comparing chunk_index against chunk_count in the chunk payloads.

f60b948 Add chunk_index and chunk_count (#1545) - MinnDevelopment

d16185a Guild member chunk counts changelog entry - msciotti

Looks like this was added to #1528 and merged so this PR should be closed

I'm thinking about ways to implement a general solution for this problem.

I think a good example of how it can be done is seen with the Guild Preview Object that is returned by the Get Guild Preview endpoint. This is essentially just another subset of a guild object, but it is documented separately. The table is explicit about what you g...

BTW the reason I added Guild Preview Object as a separate object was that the Guild object didn't have approximate_member_count and approximate_presence_count then

Now we're receiving presence updates from everywhere it happens.
In future presence intent will limit the bot to be in max 100 servers.

What if we could choose from which guilds (with a limit of course) we want to receive presence updates? So the bot would be in more than 100 guilds and we would get presence updates only from X chosen guilds in the developer portal and those chosen guilds could be changed only once in month to prevent fetching presence updates from different guilds just b...

Now we're receiving presence updates from everywhere it happens.

you already can use intents (and it's recommended)

In future presence intent will limit the bot to be in max 100 servers.

no, you just need to show how you use the intent in your verification application (which you will have to do anyway for the bot to be on over 100 servers), and you'll have access to the intent.

For the API endpoints:

• https://discordapp.com/developers/docs/game-sdk/store#create-purchase-discount
• https://discordapp.com/developers/docs/game-sdk/store#delete-purchase-discount
  They show the endpoint is /store/skus/{sku.id}/discounts/{user.id}/
  When making a request to this, the slash at the end causes a 404, so actually, the endpoint should be:
  /store/skus/{sku.id}/discounts/{user.id}

The endpoint above returns (No content I guess) But this should also show `{"cod...

I think it also needs this for dispatch, it is not clear at all, without directly asking Mason, I would not have been able to do it, even aster scanning the docs for weeks

guess this is just to get the token directly, how do I just get the "auth code" from react native client? I want to let user login and redirect back to my app using custom schema and then get the token via my server so I shouldn't need PKCE right? But I still get "invalid_grant" error.

the endpoint I use is this: **`https://discordapp.com/api/oauth2/authorize?client_id=${
discordApp.CLIENT_ID
}&redirect_uri=${discordApp.oauth.REDIRECT_URI}&response_type=code&scope=${
discordA...

Closes #1548

I hadn't realized "guild preview" was community-documented. I guess it's just another "partial guild object" case instead of a unique type.

I don't think showing {"code":204, "desc":"No Content"} would make sense here, that could easily mislead people to think that it returns json (which it does not); the comment explaining that it responds with a 204 status code and therefor no content should be fine.

I don't think showing {"code":204, "desc":"No Content"} would make sense here, that could easily mislead people to think that it returns json (which it does not) and doesn't fit in with how they've documented other 204 endpoints in the sdk section; the comment explaining that it responds with a 204 status code and therefor no content should be fine.

Well, it's really an

373b18f Add nonce to request guild members (#1549) - MinnDevelopment

Currently when we try to create an invite we are getting the same x-ratelimit-bucket for all channel id's. The response says we are rate limited, but not globally, but every channel from tons of servers seem to be using the same bucket.

We are using this api: POST/channels/{channel.id}/invites

Are invites from one bot request all in one bucket or should it be channel id based?

The bucket only represents the endpoints. You have to apply the major parameters after the hash:

hash("{method}:{path}") + major

This is explicitly mentioned in the documentation:

A unique string denoting the rate limit being encountered (non-inclusive of major parameters in the route path)

I have been testing around with how many attachments you can add in a single message, and I have not been able to find one for webhook created messages. The documentation states that you can only attach one file to a webhook message, but I have been able to attach up to 44 before getting a request too large error.

There might be a limit missing in the API, and if there is, that limit should get documented.

I think the descriptions for the priviledged intents on the developer portal could require some Tweaking, to make it more clear, if you need it for your bot or not.

The descriptions should perhaps provide some common cases, where this intent would be required to have.

Example with Member Intent (assume the markdown being formatted on the site):

If your bot tracks server members or downloads the entire member list, you may need the server members intent to receive member events...

The documentation mentions the revocation URL but does not give any indication of how it should be used. Does it comply with RFC 7009? Document that.

Here's what I'd like to be able to write:

sealed trait PartialGuild {
  val name: String
  // ...
}
case class GuildOutbound(
  name: String,
  // ...
) extends PartialGuild
sealed trait ExistentGuild extends PartialGuild {
  val id: ULong
  // ...
}
case class GuildPreview(
  id: ULong,
  name: String,
  // ...
) extends ExistantGuild
// ...

Or in Haskell:

data Guild = Exists ExistentGuild | Outbound GuildOutbound
data ExistentGuild = Visible Visi...

DiscordHTTPS401 unauthorized on POST

Me and my engineering team are trying to solve this 401 error we are getting from implementing discord bot through gcloud functions.

Essentially the service is to send automatic messages to our chat server through the bot listener.

Our naive approach was to reconnect with the discord listener and try to re-send the message if there was this error, however as expected that discord automatically ban it since it tried to connect above the 10...

i'm not familiar with the library you're using, but typically a 401 error means you're not sending an authentication header.
if you're authenticated to the websocket (if that's what you mean by the bot listener), that won't help in sending messages as they are sent separately - through the HTTP API. you need to include an authentication header into your http request

either way, why not just use a webhook if you need to send automated messages to a channel?

There is a 1000 session limit per 24 hours (for most bots) documented here. After that limit is reached, your token is invalidated and requests made with it will return 401. You can regenerate your token on your application page, but you also should be making an effort to avoid continuously starting new sessions.

this is way more insightful than the reply, I will get back to this

Discord support can't really help with bot issues. You can get help in:

• this repo
• the official Discord Developers server https://discord.gg/discord-developers
• the unofficial Discord API server https://discord.gg/discord-api

Cannot delete a voice channel, getting an error 404 "unknown channel" response.

CHANNEL ID: 696170574627471420
SERVER ID: 457654766420623380

Does this channel even exist? Are the ID's correct? According to the 404, This is not the case.

See #1304

See #1304

I contacted support about this a few weeks ago and received the following response:

"I've shared that information with our engineering team to further our investigation along. Sadly, we don't have an ETA for when this issue will be fixed, but rest assured that we'll share an update on our status page when a fix has been rolled out." 18 days ago.

I figured I contacted the wrong support (support@discordapp.com) and figured I'd give it a shot here from the recommend...

I restored your channel, so you should be able to update it or delete it (whatever you wanna do).

One of the things my bot uses webhooks for is mirroring a very basic in-game guild chat in a channel on Discord. It lets me reuse the avatars, specify the name, etc. The only downside is that every person is tagged as BOT, so it would be nice to change the text and the background colour of that tag too.

unfortunately, Mason said that's probably not happening

thanks

This user is a friend of mine. They left a server I was moderating for personal reasons, but when they decided to rejoin they couldn't. Every invite I send them treats them as if they're banned.

This repository is dedicated to the discord API. For support you can use the contact form: https://dis.gd/support

Could be he has an alt that was banned. A similar thing happened to be when i banned my alt, for testing my bot commands, my main couldn't resolve invites.

Going on discord support solved the issue.

Some servers interact via the nitro path, and the programming owners took advantage of these activities, so they made programming codes called the nitro sniper. This tool is used while setting one of the nitro on the chat. The account takes it automatically.
I hope the reporting will be useful and thank you ..

This is not the place for this issue. You should make an official support ticket at https://dis.gd/contact with IDs and proof.

When some discord servers interact, you do the work of Giveaway so the owners of programming take advantage of this opportunity and create a programming code that works to automatically subscribe to the Giveaway even if your account is not connected to the internet
I hope that this information will be useful to you

My Discord Tag : !-BøøĐý ˢʰᵃᵈᵒʷ#3091

Please, did you read what @xaanit said here #1558?

This is not the place for this issue. You should make an official support ticket at dis.gd/contact with IDs and proof.

7e75df0 Dispatch Error Codes - msciotti

I'm trying to understand this. So the hash method would be what? md5?

hash("POST:/channels/{channel.id}/invites") + 2562130032120454266 I just want to make sure I understand this right.

We are hitting the rate limit trying to generate invites for tens of thousands of Discord servers. These are per request by interested users.

With the last update, sometimes the menu is left in the middle when you abandon the menu.

This repo is only for Discord's API, for reporting app bugs go to Discord Testers.

@night stated that there is actually no limit, just request size:

This will have to get documented

While we do not have a limit, we only document and support 1 attachment officially at this time.

Following #1544 I would like to request an other thing regarding webhooks.
Since it appears we can now use custom emoji from guilds the bot is in when sending a webhook, it would be very nice to have the same thing for webhook's username.
We can already use default discord emoji but custom one would be helpful as well.

My use case is a cross-server system that relay messages via webhooks accross several guilds. Using custom emoji from these guilds in webhook's name would be neater to id...

I suppose that's fair. To clarify, though, my thinking was more along the lines of not removing it, but changing it from "BOT" to something else. For example, I'm echoing chat from a game on Kongregate, so I'd change the text to the letter K and the background colour to Kongregate's red:

<img width="234" alt="Screenshot 2020-04-28 at 11 14 06" src="https://user-images.githubusercontent.com/1826067/80476145-e40a9600-8941-11ea-9e34-2163b017875a.png">

This would be way less confusing than ...

Whenever you make a request to an endpoint you receive the hash for that route with the X-RateLimit-Bucket header. Then you store it somewhere in a key-value map like

hash["POST:/channels/{channel.id}/invites"] = headers["X-RateLimit-Bucket"]

Then you can use this hash for future requests by doing

bucketId = hash[request.route] + "-" + request.major

To calculate the specific bucket for your request. The hash will be the same for routes that share a rate-lim...

Updated description of guild prune endpoint and added information on the include_roles parameter.

Yeah, Accidentally closed it, the endpoint should not 404 by adding a / to the end as it shows in the docs

It would be pretty nice if when you request the 'guilds' scope there was a method of retrieving the full member objects in servers the connected bot is in.

This would be useful for a web dashboard so you don't have to cache every member just in case they happen to use a web dashboard and need to fetch individual permissions to see if a user is allowed to interact with certain features.

Whilst this wouldn't remove the need for the GUILD_MEMBERS intent, it could definitely reduce the need...

/users/@me/guilds already has the user's permissions though 🤔

It doesn't have the users roles, so you can't calculate per channel permissions

that's true, but you would need to fetch the channels too; why not just use a bot and fetch the member?

Perhaps not adding the entire member object, but just including an array of role snowflakes they have would be helpful.

Personally I'd be fine keeping channels cached as there are significantly fewer of them than members.
I'm mostly trying to avoid sending off a maximum of 100 requests for roles whenever someone looks at my dashboard.

At this point, it would be also be helpful to just have a boolean specifying if my bot is also in the server so I don't have to iterate through them all to find matches, which might be possible given I've heard mutual servers with bots might be coming on the user side.

I know this is old and all, but I'm facing the same issue. I left my bot running overnight and the next day the activity presence disappeared.

Hello I would like to confirm information

SSH

; ! ; !~

The documentation for Create Guild (/guilds endpoint) states both of the following:

Assigning a channel to a channel category is not supported by this endpoint, i.e. a channel can't have the parent_id field.

When using the channels parameter, the id field within each channel object may be set to an integer placeholder, and will be replaced by the API upon consumption. Its purpose is to allow you to create GUILD_CATEGORY channels by setting the parent_id field on any children t...

At a guess, it would appear that the removal of the first quote was missed in commit eb1df2931fff5ddda07f017a8bd33d8fc5075cc4

It appears FEATURABLE is a dead flag which is not used anymore. That may be documented, or kept there.

09822ae Fixed entitlement type to be one that can have ... - msciotti

Around #1307, there was a compatibility change made that can propagate USER_UPDATE events into GUILD_MEMBER_UPDATE events.

If an action that triggers a USER_UPDATE occurs before guild streaming, USER_UPDATE appears to always be held until after it finishes. However, the propagated GUILD_MEMBER_UPDATE event can be received before any GUILD_CREATE, meaning guild_id will be unknown to the client.

Should dispatch of this event, if possible, be held until the client has had...

In the bot invite scope, it would be nice to have a colour specified for the role that'll be created for the bot when it joins.
I'm imagining something like this:

https://discordapp.com/api/oauth2/authorize?client_id=123&permissions=0&color=7506394&scope=bot

If I make an HTTP/2 request to DELETE /api/v6/channels/123/messages/145/reactions, and I give a Bot token that has been revoked today, I get a 429 Too Many Requests response with the following body:

HTTP/2 429 
date: Thu, 30 Apr 2020 15:21:14 GMT
content-type: application/json
content-length: 89
retry-after: 387
strict-transport-security: max-age=31536000; includeSubDomains
x-ratelimit-global: true
x-envoy-upstream-service-time: 15
via: 1.1 google
cf-cache-status: D...

It appears to be any endpoint on V6 causing this, as I can reproduce this on /gateway/bot as well.

Has someone updated something recently without checking that it works or something for this to start happening?

can you elaborate more on this, maybe with some sample data and a timeline? I'm not grasping what the issue here is. in general, however, we don't "hold" any events outside of a small buffer on sessions for outgoing messages

This is a very very nice feature. Maybe it could even be optional? This would give much much more sense of security to larger bots, and "dont leak your token" isn't a very valid argument, considering, you could say the same about 2FA. "Just dont leak your password and email", but we still all use 2FA, as it's a good practice to keep us secure.

Nothing has changed, but I think I see how this can occur. Unauthenticated bots look to share the same global rate limit. Will be fixed in next deploy.

thanks for verifying

Bot Token keeps changing all the time i use it for my server in rust-discord the token is not getting leaked by anyway

The timestamp part of a token changes every time you load the page, however all of these tokens are valid until you press regenerate.

I can grab exact logs later, but the general timeline a user experienced was:

1. Establish a socket connection to the gateway.
2. At any time between this and the first GUILD_CREATE, issue PATCH /users/@me to update the bot's name.
3. We observed the following event timeline:

• READY
• GUILD_MEMBER_UPDATE for guild_id: 123 (not cached yet!), for the current user
• GUILD_CREATE for guild 123
• [...

its not it doesnt work i have never pressed regenerate but it doesn't work

Are you sure you're not passing the client secret instead (pretty common mistake)? The token should work 100% it's how the bot authenticates -- is it being input correctly?

Did you forget to prepend Bot to your token?

to do what?

It is difficult to provide guidance with very little details.

• Are you using an existing library for making Discord bots? If so, you should reach out to their support if you are having difficulty passing a valid token string, and debugging it if it failed. They will be able to help you much more efficiently than we can in a thread here.

• If you are not using an existing library, what request are you making? What endpoint are you using, and what headers are you sending? Or are you fail...

@VictorienXP the function HTTP() from Garry's Mod does support cookies. It just does not support multiple cookies set by the server during the same call because the response headers are contained in a key-value table (aka. hashtable / dictionary), so only 1 Set-Cookie header remains.

My current suggestions are, if more that 1 cookie is set in the response:

• making a proxy server that takes care of cookies (using for instance a small Python script)
• making a binary C++ module that i...

If you request members over the websocket with a nonce that includes a - (for example from a uuid) then you will get the member chunk(s) but the nonce you send will not be included, any other chars seem to work fine

Apparently during some testing _ also seems to have the same behavior

further testing shows it's actually the length that's an issue here, night confirmed on discord that they can only be up to 32 bytes

From the time I initially made this issue, I have seen the following workarounds:

1 - Route requests through a proxy server (like @EstevanTH said)

2a - Use a websocket binary module, like gwsockets

2b - A friend of mine recently made a library based off this method, which may interest you, called discord.glua

3 (untested) - There is a 64 bit version of the Garry's Mod client and server in the w...

I am doing it with the discord developer portal.i have the bot prefix too.What do you mean Authorization header and how do i do that?

The Authorization header is how you send the token to Discord in HTTP requests. You are coding the bot with a library right? The library should take your token and automatically send the header.

Like I said I'm mostly complaining about the fact that we need to add extra steps for something that used to be simple and straightforward...

I was just looking to do some simple webhook executions and nothing more. Nothing fancy. But no I need to basically rely on a third party anything to make the call for the script... I'm just saying it's dumb.

_Anyway yeah now that I think about it, if the header names are directly in keys it's bad for all those non unique headers. I see now how I ...

Valve/Steam HTTP Client 1.0 (4000) is deliberately blocked due to abusive traffic patterns spread across a variety of clients. It's the same reason Roblox/WinInet is blocked as well.

People distribute bad (not necessarily malicious, but... poorly coded) scripts that do stuff like poll for messages, or spam webhook requests.

Since these scripts were distributed to end-users and not run on a single server - we were not really able to ban say "one bad server sending us requests" beca...

Thanks for your response

If you want a simple "proxy" server, matterbridge is a good bridge/middleman, especially if you have multiple services you want to link together. While there's not a public adapter for GMod, matterbridge's HTTP API is very straight forward. I might eventually release mine but its a bit proprietary which is why i haven't done so yet.

documents the nonce limits for both message creation and member requests

https://discordapp.com/developers/applications this is the way i make the bots and everytime the token keeps changing only the first letters as it should.But for some reason even with the same starting characters being the same it needs all of it to be the same you think that the problem is because of the plugins i am using?

LogProblemFunctions -> LogProblemsFunction

Doing this with chunking is not a pleasant experience since you need to filter by name and discriminator on top of having to wait for the gateway response. It would be amazing if we could retrieve users by the discord tag directly, similar to how we can retrieve them by id—the same for getting members.

This would be extremely useful for many bots that accept discord tags as input. Currently, you have to use chunking queries and filter them.

GET /guilds/:id/members/search with query & limit params was recently added

I'm not aware of this endpoint supporting global lookup by discord tag, or generally lookup by discord tag for that matter. There can be 10000 users with the same name, so a query endpoint cannot possibly be the solution here. As far as I know, that is just a slower version of the gateway query but on HTTP.

In my testing, I consistently get a global rate limit response of 30 minutes when I update the voice region of a guild 10 times.

Example response:

date: Sat, 02 May 2020 19:29:19 GMT
content-type: application/json
content-length: 94
retry-after: 1614885
x-ratelimit-global: true
x-envoy-upstream-service-time: 103
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-...

When I tried to connect to a voice channel the app will continuously restart and try to reconnect that channel. It seems like it crashed at the RTC something.

This repo is for Discord's API, for client support go to https://dis.gd/support

as BennyDiscord said, it is supposed to be different every time (because tokens include the time they were generated), all of them will work until you click Regenerate

The mis-match of global rate limit is fixed in the next deploy. Thx

Solves #1574

That doesn't solve the issue you linked. It doesn't support lookup by discriminator.

Issues for leaking your token is really easily made. We are humans we make mistakes. Most times you leak your token by not removing your token whilst pushing your code to GitHub or something else.

I believe this is the original post over in community posts, wanted to share it here for reference: