bbbefdd update api feature request format (#3294) - devsnek

Gatway intent for sticker events are also added to the GUILD_EMOJIS intent so that should also be changed to include stickers.

Shame that the thread linearity was lost in the move to a discussion. But I'll take this as a good sign that this is at least being considered.

Now that it's a discussion, might have a shot at getting implemented

Can this document the sticker cdn endpoint?
stickers/sticker_id.png

Description

The introduction of Slash Command Permissions #2737 brought user and role based permissions. However, the only way to currently achieve channel-specific granularity is to sacrifice a role to a specific command. This is the only way (I can see) to be able to force a single command, from a single app, to run in a single channel.

You can do this by using a channel override for that role that has use slash commands and adding that role to be the only allowed users of that ...

Ok I'm doing it on my own. Wish me luck.

Description

The related emoji field on a sticker seems to require the emoji to be between 2 and 200 characters in length.
However, there's a discord built-in emoji (:v:) whose length is only 1 character. If you pick that emoji as the related emoji, you're going to get an Invalid Form Body error.

Steps to Reproduce

• go into guild settings
• go into the stickers tab
• create a new sticker
• put some name in
• upload some image
• choose :v: as the related ...

Description

Steps to Reproduce

1. Send reply with Button
2. Click button
3. Observe

Expected Behavior

message_reference has channel_id, like:

{
  // ...
  "pinned": false,
  "message_reference": {
    "message_id": "860263541588099124",
    "channel_id": "756477702030098513",
    "guild_id": "715540925081714788"
  },
  "mentions": [],
  // ...
}

Current Behavior
message_reference doesn't have channel_id, like:

{
  //...

Description

With an OAuth login via Discord it is possible to obtain the email address of the Discord user despite the lack of the email scope

Steps to Reproduce

• If not already done, create a Discord app ( https://discord.com/developers/applications/ ).
• Select the app and select OAuth2 in the left menu.
• If not already done provide a redirect URL.
• Select the URL and select only "Identify" scope
• Copy the generated Link
• Login with the copied URL
• Login to the ...

As long as a message is not a thread, all it's replies are spread along the channel.
I'm suggesting that's the moment someone turns the message into a thread, these reply messages will appear in the thread.
This will make more order in a channel like threads is trying to do.

Can't wait for threads to launch officially ! love it.

Did you previously authenticate with the email scope? Connections are persistent, for the duration of the bearer token.

extra newline

They could just use another label if its a bot user. e.g. "Bot Description" instead of "About Me".

The description field has indeed been updated to 4096 characters to solve the use case of logging and moderating messages.

We aren’t going to be upping the content length for bots or webhooks at this time, but are considering how nitro features interact with bots more holistically moving forward.

The description field has indeed been updated to 4096 characters to solve the use case of logging and moderating messages.

We aren’t going to be upping the content length for bots or webhooks at this time, but are considering how nitro features interact with bots more holistically moving forward.

Oh, that's an interesting way of thinking about it
I think it's a little too much power to give users if one person can arbitrarily decide to move _other people's messages into a thread via replies
But I'm open to one day considering a more generic "move message" action so that when a conersation starts in a channel and moves to a thread moderators could clean that up.

Oh, that's an interesting way of thinking about it
I think it's a little too much power to give users if one person can arbitrarily decide to move _other people's messages into a thread via replies
But I'm open to one day considering a more generic "move message" action so that when a conersation starts in a channel and moves to a thread moderators could clean that up.

Would the 6k total character limit ever get raised?

We aren’t going to be upping the content length for bots or webhooks at this time, but are considering how nitro features interact with bots more holistically moving forward.

Would you want a new feature request for this explicitly? As it's pretty important for me to have webhooks at least with the 4k messages

Curious what your use case is @muddyfish

Curious what your use case is @muddyfish

I definitely could use it because of sending users messages via webhook. I have a resend feature on my swear word blocking bot, that sends a users message again but with all the curses blocked out, 4k messages definitely couldn't do that unless this was applied. And things like tupperbox for example who make fake users, also uses webhooks. Bit complicated.

Curious what your use case is @muddyfish

I repost messages other users send and add rich content, such as images, markdown URLs, URL buttons and cross channel replies.
These get reposted using webhooks attributed to the original user, and it would be great for it to work for users with Nitro

Curious what your use case is @muddyfish

It's also used by bots that proxy messages to assist users with plurality. Pluralkit would be an example of this.

Something I'd like to mention is that you can already have a nickname the same as username, but its a rare occurrence. This occurs when you have a nickname set on a server, then change your username to that nickname. I experienced this on a server where I didn't have change nickname perms, but I don't think that has to do with it.

Clarification: I believe this is a viable way to implement limiting allowed selections for slash command equivalents. E.g. limiting channel selection to only categories instead of a list of every channel.

Curious what your use case is @muddyfish

It's not uncommon to have input -> output commands currently where you take in input expecting you to be able to mirror it. e.g. tags, echo commands, logs that aren't in embeds, etc. Right now this stuff is now broken and needs to be updated with manual checks when it wasn't necessary before.

It would be useful if we could include another option type in Select Menus for the user to write any value.

Use case: for my bot, the user can customize the nickname it gives to users. On the bot, we have different "templates" they can pick and choose and combine them. To be more user-friendly, I would like to use a Select Menu with the most common templates, but at the bottom have a text field where they can write a custom template if needed.

I've seen this type of select menu across m...

It would be great if there was an option to synchronize role permissions in a channel according to category, but NOT SYNCHRONIZING EVERYONE ROLE. It would be much easier to configure other channels and not need to edit channels all the time.

For example, I create a main server channels category, in the category, permissions are enabled for only admins to send messages, but if I create a channel in this category called suggestions and I want everyone to also send messages there, the cha...

It would be interesting verified bots could add a custom banner as well. :thinking:

Why should banners be linked to verification status?

Added a 404 page that will go out with the next docs deploy, long-gone user

Added a 404 page that will go out with the next docs deploy, long-gone user

Why should banners be linked to verification status?

I imagine that many bots could use this feature to break the terms of service. For example: Nitro Rewards server advertising bots with a super flashy banner with a server advertising or else a bot inviting the user to an NSFW server with a banner with explicit content

Releasing custom banners only for verified bots would better filter out bots that really want to make proper use of the feature.

Verified bots could still change their banner after being verified(same as avatars) and it's not like Discord would go through ever single bot to make sure they have a TOS appropriate one.

So you would be back at square one.

And I don't think they want to lock features behind verification like that.

69809e2 Update Json Error Codes (#3193) - Jupith

I have tried this in Python, and I am getting mixed results. For an application that I created in April, I can grab a user's email with only the identify scope. Trying with an application I created today on the other hand, the email returns None.

Scopes are additive, which means additional authorizations extend the existing scopes (not replace). If you revoke the app's permission in your user settings and then try again, you won't be able to reproduce this.

Found out a bot can send a guild sticker inside the guild it belongs to.

Message Object:

{
    "content": "test",
    "sticker_ids": [
        "859934445338624001"
    ]
}

When sending nitro stickers or guild stickers from another guild
Error Object:

{
    "message": "Cannot use this sticker",
    "code": 50081
}

Don't know if this is intended.
New OP Status Code: 50081 | Cannot use this sticker

Why should banners be linked to verification status?

I imagine that many bots could use this feature to break the terms of service. For example: Nitro Rewards server advertising bots with a super flashy banner with a server advertising or else a bot inviting the user to an NSFW server with a banner with explicit content

Releasing custom banners only for verified bots would better filter out bots that really want to make proper use of the feature.

It wouldn't make sense to...

Added the gateway event and renamed the intent; will document

• [ ] sending stickers
• [ ] audit log stuff
• [ ] nullable description

This adds the select menu fields to the Component structure table.

Also adds the missing type field to the seperate Select Menu structure table.

| custom_id?   | string                                                                                                      | a developer-defined identifier for the component, max 100 characters                | [Buttons](#DOCS_INTERACTIONS_MESSAGE_COMPONENTS/buttons), [Select Menus](#DOCS_INTERACTIONS_MESSAGE_COMPONENTS/select-menus) |
| disabled?    | boolean                                                                                                     | whether the co...

ok I think I've documented everything!

* except the sticker cdn endpoint; not sure if staff want that documented

ok I think I've documented everything!

• except the sticker cdn endpoint; not sure if staff want that documented

thank you ❤️

There is the chance that Bots may only use the applications.commands scope in the OAuth Link and perform various stuff through things such as HTTP webhooks or similar.

This has the unwanted downside that the Bot account itself, which is still added to a Server, may appear as offline, causing confusion since why is the bot offline?

Idea
There should be a way, like a heartbeat endpoint for slash-commands only, to make the bot account appear active.
Perhaps Discord could send a hea...

Perhaps Discord could send a heartbeat every now and then and the bot could respond with anything to tell Discord that it is still active, and if it is, Discord would make the account appear online, otherwise offline.

This could perhaps use the existing type 1 ping, as it already needs to be implemented in a webhook interaction handler?

When it comes down to slash-commands can we see one particular issue, which is, that you can't be sure if a Bot actually has Slash-commands.

One may argue that you can just type / and see if the bot appears in the suggestions.
This is alright, but in cases where there are more than 50 applications with slash-commands (i.e. on bot lists where you would like to test a bot first before adding it) is this not the most reliable way of doing so.

Having a small indicator to show that a bot ...

I'm not that well with the API and don't know what it offers that could work.

Just going to say, if your "bot" is definitely only ever going to be used for Slash Commands and you are able to receive interactions over HTTP instead of the gateway, just don't make a bot for the application.

I've done this with one of my slash command applications that runs on Cloudflare Workers and no bot appears in the member list, when the "bot" is clicked on for a slash command usage message it just shows the same popup that a webhook would show. Just name and profile picture, no ro...

Hi discord devs & folks!

If their was a way to add a copy button ⏺️ to types of buttons, it would be cool 🎉!
If the copy button was clicked, then discord should copy a specific text 📑 provided by the dev 👨‍💻 of the bot.
But yeah, this would require discord some permissions to get the text copied.

I came to this feature, as I was gonna add userid, chanid, roleid, serverid commands to my bot. And I thought of a button, so that the user could just click on the button to get the `...

Of course that would be great but there could be problems with security because you could copy anything.
However, if you ask beforehand whether you want to copy it (and the text is displayed there) as with hyperlinks, that would be a very good function.

Yeah, you are right
Maybe after clicking the copy button, it should show the text and ask if you want to copy!

Description

Right now, it's unclear which types of messages are affected by rate_limit_per_user and which aren't. This makes it hard to implement bots that enhance or interact with the slow mode feature built into discord. For example, a bot that reminds you when your slow mode timeout is about to expire (for 6hr+ slowmode channels), or a bot that tracks how often moderators use their permission to violate slow mode. However, it's easy to get false positives if you include messag...

Can you provide some more info about where you're seeing this? I wasn't able to find any instances of channel_id missing.

Slash command options give users a clear way to navigate bot complexity when the source of that complexity is multiple inputs per command. But what if you want to build a bot that appears to have only one input per command, based on free-typing and natural language processing?

The current approach doesn't seem to work as well because you have to have an option that appears after you type your command which doesn't do anything except reiterate what the command does.

To be concrete, sup...

this is a regression from (A) which non-slash command bots can already do.

I wouldn't say comparing client UI and sending a message is apples to apples, let alone regression; they're not really comparable.

Furthermore, I can see how in some situations having the inline tooltip seems a bit redundant, but I'd personally favor consistency over UX for some semi-specific scenarios

Description

The GUILD_MEMBER_ADD gateway event is sometimes sent more than once when a member joins a guild.

Steps to Reproduce

I couldn't find a way to reproduce this behaviour, but all guilds I've seen this issue occur on are community servers. That could just be a coincidence though.

Expected Behavior

The GUILD_MEMBER_ADD event should only be sent once when a member joins the guild.

Current Behavior

The GUILD_MEMBER_ADD event is occasionally sent ...

Description
When I patch a message, the allowed_mentions property is resetted/deleted if I don't send it in the body again. On the other hand, when I update only the content property, the components property doesn't change (as it should)

Steps to Reproduce

1. create a new message using
   POST /channels/{channel_id}/messages { "content": "test ", "allowed_mentions": {"parse": [] }, "components": [] }
   --> the user should not be mentioned

2. update the message using
   ...

The allowed_mentions property isn't stored. You have to send it every time content is created or updated. See #1864.

well, that explains it

I see this is working for tokens placed in messages, but it appears that when a timestamp is applied to a message, the timestamp is displayed in the footer of the message with a 'relative' style, instead of the default style used for in-message tokens. Is there a way to influence that, to force another style?

You should report it in discord-testers:

https://discord.gg/discord-testers

You should be able to use the markdown timestamp format in the footer text.

@devsnek markdown isn't supported in the footer text, so it doesn't work.

Unless that is being supported soon? or you was talking about the timestamp field

@IanMitchell could this be moved back to an issue, it is also a bug. I was only able to mark it as a feature request when I created the issue, not as a bug

In the case I'm seeing, I think it's a timestamp associated with an embed on the message. When assigned, it displays the timestamp using a relative style. I don't see any means to use an alternate style for that.

0f13595 Clarify application-owned webhook requirement f... - typpo

324bbaf Document disabled field for select (#3209) - typpo

+1 to this

7384c1a fix(channel): update json params channel length... - 7596ff

I would love to see the option to just send a successmessage as replacement for the general error messages.

You should report it in discord-testers:

https://discord.gg/discord-testers

You can. I don't partake in such a server.

You should report it in discord-testers:
https://discord.gg/discord-testers

You can. I don't partake in such a server.

You can also report bugs via their support form (select "Bug Reporting") if you don't want to report via DTesters :)

you can do it, but thanks for the suggestion.

So the Application Command Interaction Data Resolved Structure says that the channels property has partial channels which

** Partial Channel objects only have id, name, type and permissions fields
now what does permissions mean? I've looked at the documentation for the channel object, didn't find anything
It's not overwrites and after testing a b...

I would like to submit my library, Diskord, to be listed as a community library.
It is a Kotlin-based library which fully implements the ratelimit system and has been in active development and use for a few years now.

The core of the ratelimit system is implemented here in RestClient.kt with the wait logic on [line 28](https://gitlab.com/jesse...

This is something we're aware of, but unfortunately fixing it is difficult - the root issue is present in a number of other locations (hover over reactions).

I don't think I'm able to move it back as an issue, unfortunately - you can open a new issue though and link to it here, and I'll close this out

I checked now, and It was fixed (or I just missed payload).
I close it.

Yeah being able to log into them (kinda like PayPal) would be sick. If Discord's worried about people abusing this they could make all guilds follow a predefined template (that showcases all features of course) and could disable interacting with other people (i.e. seeing messages, etc.).

In this rate limit implementation you're comparing the system time to Discord's time, which is a bad practice. Discord provides a retry-after header (and a more accurate retry_after value in the response JSON) that you should use.

I agree with this.
Thought about similar.

You should report it in discord-testers:

https://discord.gg/discord-testers

reporting it here was fine

Description

When a channel has 10 webhooks, editing existing webhooks will cause the API to error. (The client does not handle/display the error.)

Steps to Reproduce

• Make a channel have 10 webhooks
• Try to edit one (name/icon)

Expected Behavior

it works

Current Behavior

400

{
    message: "Maximum number of webhooks reached (10)",
    code: 30007
}

Screenshots/Videos

![image](https://user-images.githubusercontent.com/11778454/124339317-...

04aee51 Delete slash-command-feature-request.md - IanMitchell

b45ecc7 Update config.yml - IanMitchell

I don't quite see how comparing the system time to Discord's time is bad practice. Sure, I've had clock skew of upwards of half a second on Windows, but that's Windows. NTP should get system time somewhat close to Discord's time -- close enough that even if your clock is ahead, network latency (you -> Discord) will be greater of the two. Additionally, you can check for major clock skew by consulting the Date header in the response.

In exchange, with retry_after, you're losing however m...

In private threads, slash commands can be used, but if the bot is not in the thread, it will not be able to read/manage messages.

If the bot has access to the parent channel, it can reply to the interaction and ping itself, adding itself to the thread. However, this is annoying to handle and it would be nicer if Discord did it automatically, treating using a bot's command as mentioning the bot.

Alternatives possible currently (suboptimal ux):

• just break when the bot isn't in the thre...

I would note that there is also a X-RateLimit- Reset-After header for your standard rate limit handling (when not hitting 429s) that has a decimalized ms precision so that you don't have to worry about API offset. As noted by A5rocks, you lose the one way network time, but you seem to be ignoring ms precision anyways.

The id field on connected xbox accounts is not the users xuid, but another value.
As users can change their xbox gamertag I'd like to receive both the gamertag and xuid.

Steps to Reproduce

Use the Get User Connections endpoint to receive connections from a user with a connected Xbox account, view the id field.

Expected Behavior

The value should be the users xuid, 2535453263238788 in thi...

You need a bot account to do anything other than send messages. I'm sure many, if not most, HTTP-only slash command applications have some functionality other than storing and/or retrieving data.

Discussed in https://github.com/discord/discord-api-docs/discussions/3316

Originally posted by davfsa April 8, 2021

Description

I would like to continue the discussion in #2723 and request a standardization of what Unicode Emojis the API accepts as valid.

Why This is Needed

After looking at what Discord uses internally in the client (thanks to @Emzi0767's extraction of the internal list...

Is there anyway we could keep the comments that were made?

Hey there,

Obtaining the emoji ids of external/custom reactions can be a hassle especially if your bot doesn't have read/edit access on certain channels or even doing it manually so it can be kind of annoying/impossible to get the following:

emoji: name, id, isAnimated via a given message from the reactions

What I suggest is adding the option to allow Shift + Right Click and then Copy ID to copy the selected emoji's
<Optional animated : Optional name : Snowflake id>
or so...

@night was documentation for nonce intentionally removed in https://github.com/discord/discord-api-docs/pull/2859/commits/8cffc76d5806bdee9889e7e7ebdf4617c19a5180?

This is working as intended. Xbox would not let us store user xuids as part of our agreement with them.

Description
While using ephemeral, adding file to message isn't possible.

Steps to Reproduce

            event.getHook().setEphemeral(true);
            File file = new File("image.png");
            event.getHook()
                    .sendFile(file, "image.png")
                    .addEmbeds(new EmbedBuilder()
                            .setTitle("Title")
                            .setImage("attachment://image.png")
                            .build())
       ...

So won't anyone add the feature request label?

miss clicked repository

cant sry xD

cant sry xD

Oh, okay

Custom Emojis have a role parameter which contains an array of role-ids which can use the Emoji. There are a couple of bots exposing that feature to users, allowing them to restrict their emotes to their level roles/boosters/patreons(not sure if that's okay, but I've heard it used in that way)/….

A user of my iteration for this has now asked me if it'd be possible to have the same functionality with stickers. Given that they look the same but bigger, this sounds like something that shoul...

My use case for this would be manipulating emojis on a guild. I would therefore like to be able to restrict it to custom emojis from that guild. But even so, this would bring me one step closer into making the switch.

Description
When setting min_values to 0 and max_values to 1, the user has to select one option.

Steps to Reproduce

1. Send a select menu with the following data:

{
  "type": 3,
  "min_values": 0,
  "max_values": 1,
  "options": [{
    "label": "1",
    "value": " ",
    "default": true
  }, {
    "label": "2",
    "value": " "
  }, {
    "label": "3",
    "value": " "
  }, {
    "label": "4",
    "value": " "
  }]
}

Expected Behavior
...

Regarding the availability of X-RateLimit-Reset-After, we opted not to use that field as it is redundant when you are already computing against reset time, and as A5rocks points out (and our experimentation indicates) clock drift is less of a problem than dramatic and inconsistent latency on API requests return time, particularly for users without good internet. So respectfully to other library authors, this makes me hesitant to call using the Reset-After approach anything but the bad practic...

Additionally, ckohen raised a good point that we were losing some precision on the X-RateLimit-Reset which for some targets would result in an overly-fast retry and has been addressed

What are the security issues with copying plain text to clipboard?

Couldn't we change the way inline works by making it a line break instead. We could have all the fields to default inline, and then manually specify when the fields should be going to the next line.
So when you specify for example
line_break = True
The current field goes to the line.

We know there is this one feature in stickers called related text which brings up some particular sticker if that related word is typed. It would be nice if the same could be done for slash commands as well, like making some purge command with a different name (say "clear") show up in the command explorer on typing /purge.
This would be a lot helpful for people who do not have an idea about what command name to use and do not want to search through all commands of all bots.

It would also be nice if this gave us ability to send custom error messages. Would be useful for saying "you don't have the permission to use this command" if this is evaluated bot side.

Description
Originally posted on https://github.com/discordjs/discord.js/issues/6022
When entering anything that's not a number id, the API times out, instead of throwing an error/ignoring the id. The bot disconnects and reconnects before throwing the timeout error.

However, it works if I enter an invalid number ID.

Steps to Reproduce
Using discord.js v12.5.3 and nodejs v14.15.5 (I imagine its the same with other versions as well)

// doesnt work
guild.members.f...

Description
When interacting with components with an application created webhook where the application does not have a bot, if there is not a registered interactions url the loading state will persist forever.

Steps to Reproduce

1. Create an application, but don't make a bot.
2. Use the oauth2 webhook.incoming scope to generate a webhook.
3. Send a message with components using the provided webhook url.
4. Interact with a component.

Expected Behavior
The component sh...

I could be reading the code wrong, but it looks like discord.js says any string valid snowflake ID, but they should be numeric.

• https://github.com/discordjs/discord.js/blob/1e8f01253e85891b78c2b4ae866ce5ae56add413/src/managers/GuildMemberManager.js#L129
• https://github.com/discordjs/discord.js/blob/1e8f01253e85891b78c2b4ae866ce5ae56add413/src/managers/UserManager.js#L54
• https://github.com/discordjs/discord.js/blob/1e8f01253e85891b78c2b4ae866ce5ae56add413/src/managers/BaseManager.js#...

Should add that while '1234' may appear to be invalid, it is technically a valid snowflake, just not one that practically belongs to any users.

Currently selects have a limit of 25 options. This is an issue for me because I want to use selects to choose roles and channels. I think there should be either an option for selects of roles/channels that bypasses the 25 limit, or just have higher limit in general.

Use case: I have an interactive setup for a certain feature that I want to be able to use slash commands for without depending on a bot user. This means that my current method of prompting for a message won't work.

Duplicate of #3357

Duplicate of #3357

+1. Since selects have the 25 option limit, we can't even do them by ourselves right now.

Should it really terminate the connection though, couldn't it just throw an error instead?

That I don't know. Someone from Discord would have to comment on the specifics, but the gateway has always behaved like this where there are no specific error messages for invalid data, just the generic ones listed here; 4001 or 4002 probably apply here. When you say "respond with error code 400", that is an HTTP construct and does apply here since there is no HTTP request here.

Fair enough, but shouldn't it respond with some kind of error instead of just timing out?

the timeout is due to djs not invalidating the member request timer when the gateway reconnects, not discord's api.

Description

There is a typo in the COMPONENT_LAYOUT_WIDTH_EXCEEDED response.

Steps to Reproduce

• Create a message and ensure there is content and two drop-downs in the same row
• Read the error message

Expected Behavior
The error message would read "The specified component exceeds the maximum width" or "The specified component exceeded the maximum width".

Current Behavior
The error message reads "The specified component exceedes the maximum width" - "exc...

Unfortunately no - I'd just open an issue with a link to this discussion, and then post a link to the issue here and I'll mark that as the answer

8cf4130 Create message-components-bug-report.md - IanMitchell

edd808f Update slash-command-bug-report.md - IanMitchell

8ff5f77 Update message-components-bug-report.md - IanMitchell

to be really honest a tooltip or a toast would be a better UI/UX, and the thing in the ss you have shared, it feels like if you want the success message to be custom which will be a bit of work from discord's side and they might not do it

Currently, the Create Message endpoint accepts the nonce field and includes it in the sent message, but the Execute Webhook endpoint does not accept the nonce field.

The nonce field is useful for matching new messages with stored unsent messages. It would be useful for applications that use webhooks to send messages to channels. The messages can be matched using the content, but this is not fully reliable due to Discord's message normalization, which is likely why the client sends the ...

When a bot only wants to work/doesn't want to work with the specific guild, it should be able to whitelist/blacklist it, so the bot saves bandwith. Also, this could be useful on the client. An user selecting blacklisted guilds that the user won't receive gateway events anymore, so again, we save on bandwith and maybe less ping if the user is gaming etc.

https://github.com/discord/discord-api-docs/issues/3384

https://github.com/discord/discord-api-docs/issues/3384

Would you please mind explaining what you mean by slash command groups, I didn't really get your idea.

Verified bots could still change their banner after being verified(same as avatars) and it's not like Discord would go through ever single bot to make sure they have a TOS appropriate one.

So you would be back at square one.

And I don't think they want to lock features behind verification like that.

That's a flaw on Discord's too low of a bar on verification. Does verification even mean anything if being verified doesn't put developers in a position of trust? Instea...

You broke it

What are the security issues with copying plain text to clipboard?

You could have all kinds of things copied that people might not want to do

Maybe @JelNiSlaw is right. There aren't any security issues.

You could have all kinds of things copied that people might not want to do

That isn't a security issue. We display a label for that button and indicate "Them that what type of text you are gonna copy?"

We display a label for that button and indicate "What type of text you are gonna copy?"

The problem comes from the fact that, while claiming to be copying one thing, you could end up copying something completely different. That could be bad.

Something on the top of my head is a hypothetical bot outputting shell scripts. It could claim to copy that super helpful script everyone needs, but it sneakily adds in an rm -rf /* when using the copy-button (or whatever the windows-equivalent ...

I think it is unlikely this will ever happen. You can just put the id or whatever in the message content/embed and let the user copy it themselves.

Okay, maybe you are right.

Description
When starting a message with //, the mention popups (user & channel) don't show when typing @ or #

Steps to Reproduce

1. Type // in the message bar and a space
2. Type an @ and observe that the mentions menu doesn't appear

Expected Behavior
The mentions menu appears

Current Behavior
Nothing pops up

Screenshots/Videos
https://media.discordapp.net/attachments/842535039412862998/861257231760752680/Screen_Shot_2021-07-04_at_4.4...

Summary

The upload limit for stickers is incredibly tiny, 500 KB for an APNG file is nothing. For reference, emojis have a limit of 256 KB and but can only be up to 128x128 in size.

I am scrambling trying to make the file less than 500 KB whilst also making sure that it looks relatively good considering how it will be viewed. Is this limit set as to encourage Lottie images?

They said they will probably stop allowing lottie files from being uploaded as stickers so I doubt it.

This also happens with any amount of slashes, including just 1.

looks like it happens with emojis as well

As a workaround you can type a space before /

As a workaround you can type a space before /.
Also this is not an API bug so I don't think it should be reported here.

I was told to report it here by a discord staff, this is the place for slash command bugs.
I don't rly need a workaround, just putting it here so they get it on their todo list.

Pasting random things you copied somewhere into the terminal isn't too smart anyway. But somehow displaying the text that will be copied would be enough to stop that.

The nonce field is used for optimistic message sending, something that I don't think webhooks even care about. The nonce is not stored anywhere, and is only used to match a MESSAGE_CREATE event with a pending http request. Additionally we also use the nonce to dedupe retried messages within a small time window.

The nonce field is used for optimistic message sending, something that I don't think webhooks even care about. The nonce is not stored anywhere, and is only used to match a MESSAGE_CREATE event with a pending http request. Additionally we also use the nonce to dedupe retried messages within a small time window.

Given this context, I'm not sure why nonce would need to exist on webhooks. The use-case you provide seems to be trivially accomplishable by recording the message id.

This sounds like a mix between a client and a bot request. Either way, not going to happen. If you don't want your bot receiving events for a guild, simply leave it.

This sounds like a mix between a client and a bot request. Either way, not going to happen. If you don't want your bot receiving events for a guild, simply leave it.

Additionally we also use the nonce to dedupe retried messages within a small time window.

Would this not also apply to retried webhook messages?

Perhaps - our use-case really for this is deduping messages sent on bad mobile networks.

Also, I think it could also be useful for interaction follow-up webhooks, no?

If Discord is going to implement dedicated read-only mode (currently done by bots with channel overrides), it would be better to not only disallow sending messages but also sending DM, reacting even with existing reactions and connecting to voice channels. So just like for members who did not pass Membership Screening, but also effective to members with roles.
A new permission should be added for this purpose, like "Switch members to read-only mode" (SWITCH_TO_READONLY).
If a member was s...

The nonce field is used for optimistic message sending, something that I don't think webhooks even care about.

Sorry if I wasn't clear; this is my use case. The application in question uses a bot and sends messages using bot-created webhooks (like many others).

The use-case you provide seems to be trivially accomplishable by recording the message id.

not sure how the ID is relevant here? since that's only generated when the message is sent

Of course that would be great but there could be problems with security because you could copy anything.
However, if you ask beforehand whether you want to copy it (and the text is displayed there) as with hyperlinks, that would be a very good function.

If you send a nonce, you can store the nonce before sending it to Discord, thus having an unlimited time between requesting a message send and waiting for a message create. if you rely on the message ID, it is possible that you get the message create before getting the message ID back, which can cause issues if you start waiting for a message with a certain ID after you already received it.

Wouldn't this be more of a general discord feature request rather than an api one?

That is the "computed permissions for the invoking user in that channel, including overwrites".
https://gist.github.com/msciotti/b1dabde51ebe2f3e875faf73a7a3509b
This should probably have been documented :thinking:

Used https://gist.github.com/msciotti/b1dabde51ebe2f3e875faf73a7a3509b as a reference

Wasn't sure if the channel object was the right place to include it but saw that permissions had been documented on the member object.

resolves #3379

That's better

Right now, the /profile endpoint is unavailable to bots (or, at the very least locked behind OAuth) and that's fine. It makes sense, but /profile contains the ability to pass a very useful query string, that is ?with_mutual_guilds=true.

As it says on the tin, this allows people to see their mutual guilds with someone else if any. Though, as previously stated, this is unavailable to bots under normal circumstances. But this comes in very useful in any situation where the need to se...

See #3251

Odd. GitHub bad I guess. Didn't see that one before making this.

See #3251

As discussed in #2644, applications managed by a team omit most scopes since they are not bound to a specific user; currently, this is not documented.

Proposed preview:

A Bearer token is also returned by the scopes applications.builds.read, applications.builds.upload, applications.entitlements, applications.store.update, however I opted to omit these, as they are ...

Don't care about the UI, I just want to be able to mute people via the API.

wouldn't it be better to put ; instead of . ?

Description
If a bot does not have the Manage Messages role permission, no gateway events are thrown if a private thread that the bot is a member of gets deleted. This seems to be the case regardless of any other combination of permissions (Manage Threads, Use Public Threads, Use Private Threads and others).

Steps to Reproduce

1. Grab a bot with whatever setup of permissions it may already have
2. Revoke the Manage Messages permission from the bots role
3. Create a pr...

any updates?

You can send a GET request to https://discordapp.com/api/v9/users/{user.id}/profile to get a user's Banner, Banner color, bio & linked accounts. This endpoint is not documented by Discord so I'm not sure if you're allowed to use it but use it at your own risk.
This endpoint cannot be used by bots.

1. discordapp.com is deprecated
2. doing requests with a user (non-bot) token is considered selfbotting and is not allowed.

Currently, when a Slash Command option is set to CHANNEL (Type 7), it will display every channel of every type in the UI when the command is called, so including Text & News Channels, Voice & Stage Channels, and Categories. If a command only works on specific channel types, this creates a hassle for both the user and the developer: the user has more options to scroll through which may get slightly confusing and overwhelming, especially at a large channel count, and the developer has to add ex...

Currently bots can't use [text](link) in the message content, but webhook & interaction messages can.

Imo It doesn't make sense to exclude bot accounts from using hyperlinks in the message content.

Maybe allow users too. Maybe with a permission like USE_HYPERLINKS to prevent misuse

or just attach it to the EMBED_LINKS permission..

1d09e3d Revert "Update Message_Components.md (#3207)" - devsnek

Reverts discord/discord-api-docs#3207

91ee324 Revert "Custom IDs are now validated by the API... - devsnek

Could this also account for incorrect hyperlinks? That would help a lot with fixing them.

I don't quite see how comparing the system time to Discord's time is bad practice. Sure, I've had clock skew of upwards of half a second on Windows, but that's Windows. NTP should get system time somewhat close to Discord's time -- close enough that even if your clock is ahead, network latency (you -> Discord) will be greater of the two. Additionally, you can check for major clock skew by consulting the Date header in the response.

In exchange, with retry_after, you're losing how...

Can you elaborate on what you mean?

I'm enjoying Select Menus, but ran into the remarkably short length limits.

For each option, label is limited to 25, and description to 50.

To put that into perspective, the label limit is shorter than most things in Discord: channel names, role names, server names, usernames, and nicknames.

That's unfortunate, because those are the sorts of things bots will want to include in Select Menus.

Could the limits please be increased to accommodate more use cases?

Description
Hi. I was creating a Discord bot using Discord.js. But today, my bot just stopped working. I know that I definitely should contact Discord.js first in normal cases, but I don't think that this is Discord.js's problem. My app id is 858668862941560883 with the public key 2342f7030c9eed7461fbde4e9ed88ad661ef827bb35d35008285046cc6f8f59f. I tried running the bot but had no response at all. So I tried regenerating the token, but that still didn't work. Searching this problem, I...

you leaked your token in that video so reset that asap before someone abuses that

also this is behaving like you are running into the daily login limit (1000 identifies in 24h). enable debug logs to see if that's the case or not, as d.js will refuse to identify to the gateway then (doing so would trigger a token and limit reset).
Check your logs on what caused your bot to reconnect so many times, fix it and then trigger the token reset by disabling this d.js behavior or use another lib th...

It does seem a bit strange given that the functionality is already in place for markdown styled hyperlinks for interactions (at least for embedded voice application invites), and it's not like the confirmation popup wouldn't appear, so the user wouldn't be any more or less susceptible to clicking on a suspicious/shady link.

md links work for interaction responses because they're based on webhooks, and it's always worked for webhooks (probably for compatibility with other services)

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.
authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself".
(...) the case for things like duplicating bios on other sites isn't something we need to support....

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.
authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself".
(...) the case for things like duplicating bios on other sites isn't something we need to supp...

I absolutely agree, things should definitely not be easier which is why it is nice to see that's not available for bots out of the box. the only problem is, as you mentioned:

made easy for them and leave the door wide open for more, less intelligent malicious users.

gating that behind both verification AND privileged intents would be good enough to weed out the "less intelligent", it kind of defeats the purpose of building up trust to get to that level if the API still treats the a...

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.
authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself".
(...) the case for things like duplicating bios on other sites isn't something we need t...

Discord should prompt a message to not put out sensitive bio and stuff like that to prevent this in the first place however there are many reasons discord does or doesn't do stuff so I'll respect their decisions.

in my opinion bots just shouldnt have access to the about me. It literally says About ME. so while some poeple feel like filling it with eggplant or amogus emojis I think the majority of users uses it for what its made for: giving a bit of info about yourself like pronouns, age, p...

Looks like the animation transparency is a little broken on https://discord.com/developers/...

Hey hello there!

I would like to know If I can add via PR, a new example to handling the signed interactions via webhooks for clojure, the reason is the current example is very specific for ring users and depends on a binary installed on your server to work, which limits a lot where you can spin your bot/app server.

I made this simple function using a java library wrapped in clojure functions that receive fou...

Currently there is no way to reply to a button click without transforming the button style for everyone, or to reply with a new message to the interacting user. Often a new message is not necessary though, take for example reaction roles. After the button is clicked, the roles are given. There is no need to send a success message. Ideally the button would change styles just for that one user, which currently is not possible.

I would propose to implement a feature, where a button changes s...

I wanted to do a discussion regarding API, and came here instead of https://dis.gd/feedback, because on feedback it might end up somewhere, where it will never be seen or take a long time until it gets seen by atleast someone.

So, not sure how many know about the issue with "spam bots" or "scam bots", well basically user bots that join servers DM users phishing stuff. That's the issue.

Now, these user bots can access the API and let's say a server puts members in a place that can't se...

This won’t be changed

This won’t be changed - we won’t make the product worse to fight spam when when still have ways of fighting it in different avenues

This would require making message components stateful, which isn’t something we want to do. In the future we’d like to explore having Forms as a solution for stateful interactions, but that’s down the road a bit.

You can kind of replicate this behavior with ephemeral messages though! Applying that as a change on top of an existing message is interesting, but I think it would lead to consistency issues for users

This would require making message components stateful, which isn’t something we want to do. In the future we’d like to explore having Forms as a solution for stateful interactions, but that’s down the road a bit.

You can kind of replicate this behavior with ephemeral messages though! Applying that as a change on top of an existing message is interesting, but I think it would lead to consistency issues for users

I understand that the permanent change of the buttons style would require the message component to be stateful. But what about just the temporary style change (or even any kind of volatile response, like a checkmark animation or a confirmation popup for a few seconds) ?
The problem with doing the response as an ephemeral message is that it sticks for quite a while or untilthe user clicks it away. It is the current solution I use, but I don't feel like it's optimal. Multiple clicks will very ...

Exactly, I have tried but I ran into a problem that I have not been able to overcome and that is that the roles in discord can have up to 100 characters and the labels are limited to 25 characters and at most you can only create 25 options.

We could join efforts on this one; While ring-discord-auth has ring in its name, it does provide a plain verify function like yours.
If you want you can open an issue or a PR to suggest the use of a different library without native dependencies :smile:

Hey, good point, I'm using org.bouncycastle/bcprov-jdk15on afaik is fully implemented on java, can I open a PR using it in your repo?

We could split the ring/pedestal wrapper into different files and do some unit test WDYT?

Sounds great! Feel free to do that if you're up for it.

If this is implemented the select should also show permanently which roles, channels, etc user has instead of looking it up manually

Hey I opened an PR https://github.com/JohnnyJayJay/ring-discord-auth/pull/2, I first wrote the unit test for your wrapper and then moved to refactor the code, but I would like, if possible, you to test it in you server.

Thanks.

gg

Just have it as a color picker, so users don't have to find the color from browser.

When attempting to patch a guilds vanity url, sometimes the error will be
{"message": "Invite code is either invalid or taken.", "code": 50020}
While other times
{"code": 50035, "errors": {"code": {"_errors": [{"code": "GUILD_INVALID_CODE", "message": "Invite code is either invalid or taken."}]}}, "message": "Invalid Form Body"}
The latter seem to happen on URLs that have been disallowed by discord, would it be possible to get some clarification on when the second error will occur.

I am creating a server that fixes twitter video embeds and it is nearly perfect

But as you can see the only thing that this is missing is the ability to show the tweets text as a description, Allowing this would help to let normal people embed videos in more professional looking ways from both projects like this and personal websit...

Sorry for the spurious issue, but there are no issues enabled on the repo in question.

Is the open source program still running? I see hundreds of unmerged PRs of people attempting to add their servers to the list.

https://github.com/discord/discord-open-source/pulls

This includes my PR I just submitted:

https://github.com/discord/discord-open-source/pull/397

If the program is no longer active, that's fine, but in that case please update your docs to not encourage people to add...

They're groups of commands under a specific label and icon that you can optionally lock to specific guilds

Are they like:
/perms list
/perms edit

Guild wise permissions for global commands exist

You can disable the premium only command and then enable it for 5ye premium guild using the sea everyone role ID

Description

The select component options display opens and remains open after the in app notification link has been tapped on and has navigated the user to another channel/guild.

Steps to Reproduce

Open the select component options display.
Tap on an in app notification before the select component options open animation begins.

Expected Behavior

Either:
The select component options should not display when an in app notification is tapped on.

Or:
The in app notification link...

Why was this issue moved to a discussion?

See https://github.com/discord/discord-api-docs/discussions/3360#discussion-3441399

This pull request adds an info block to all endpoints that support the X-Audit-Log-Reason header, and removes the explicit parameters for those that had them documented.

This is based on the list of events that are classed as arising from "admin actions"; however, it may not be exhaustive. Feedback and review on potentially missing endpoints would be very much appreciated before merging.

Fixes #3165.

I prefer (and rely on) the current behavior; maybe a "force" option could be added instead of changing the normal behavior?

It would probably make more sense to deprecate current JSON body reasons rather than removing them. Perhaps discord should remove them in v10.

Pretty short one: It would be great if bots could use stickers from their servers in other ones they're in. Currently we're limited to using them in the same server they're uploaded in.

It would be nice if the guild preview endpoint could return stage instances for the guild.

My bot uses this endpoint to display info of public guilds but prevents showing any that aren't considered public since the endpoint returns data about any guilds the current user is in.

I currently use the DISCOVERABLE feature to check if a guild is actually public to prevent leaking information about guilds my bot is in that aren't public but if a server has a public stage, they do not get s...

+1, but I'd also highly advice adding some kind of way to type and search in the select menu as guilds can have heaps of channels and scrolling through them would be a time intensive task

Whats the use case for this over setting null?

If you want searchable, you should use a slash command. This should only be used to present a small subset of the available, chooseable by the developer instead of by the user.

You can disable the premium only command ("default_permission":false) and then enable it for the premium guild using the everyone role ID for that guild (basically the same as that guild ID)

That still does not solve the slash command organization. What he means is something like this:

Administration:

• /warn
• /ban
• /kick
  Fun:
• /meme
• /dog
• /cat

Of course, this would mainly be a visual request. However, it could potentially include the ability to sync permission...

Would it be better to simply not get too much into detail about each description instead?

those definitions will change over time

if they are changing wouldn't this be breaking? It's a bit ridiculous to check if nsfw_level is 2 or 4 already...

I wanted to submit a library I'm familiar with, which is aoi.js, to be in the list of community libraries.

These two files are what aoi.js request and handle system are.
They are also handled by discord.js hence preventing any future rate limit:

• https://github.com/aoijs/aoi.js/blob/master/package/handlers/rateLimitCommands.js
• https://github.com/aoijs/aoi.js/blob/master/package/handlers/request.js

Extension libraries aren't added in this repository.

The webhooks update event provides a guild ID and channel ID, but doesn't tell you which webhook was updated. It also doesn't specify if it's possible for multiple webhooks to be updated at once.

This data can be found if your application caches webhooks by fetching the channel's webhooks and comparing the data, but not all applications might find caching all webhooks to be practical. Other update events, such as guild/c...

The reason for this (and the guild integrations update event) is really for the client to reload the webhooks/integrations in the UI. We did this somewhat as a quick hack to simplify the protocol.

It would be interesting to know under what circumstances this information is relevant to bots. I don't think that a bot should attempt to maintain a mapping of active webhooks. We do not send this info in GUILD_CREATE for example, so it isn't really state that a bot could start out with that nee...

The reason for this (and the guild integrations update event) is really for the client to reload the webhooks/integrations in the UI. We did this somewhat as a quick hack to simplify the protocol.

It would be interesting to know under what circumstances this information is relevant to bots. I don't think that a bot should attempt to maintain a mapping of active webhooks. We do not send this info in GUILD_CREATE for example, so it isn't really state that a bot could start out with that nee...

My bot caches a full list of webhooks in a guild, because it needs to use webhook specific features (custom username/avatar, emojis from servers bot isn't in).

My current solution is to download a full list when I don't have any, and then use that until one of my webhooks has moved or gets deleted, and then downloading the list again. This generally means you don't need continuous updates, except for the case when a user moves a webhook and you can't know where it is until you post a messa...

Some routes don't return rate limit headers (Such as when creating webhooks), and some people (including myself) have been confused with the Header Format section stating "For every API request".

In additional context, creating a webhook for a channel does not return with rate limit headers, and some bots (such as NQN) may need to create webhooks for every channel, and since they that end point doesn't return with rate limit headers, they can't respect the rate limits put in place, so they...

My bot uses it to keep track of it's own webhooks and check for them getting deleted

My bot needs to keep track of it's own webhooks and check for them getting deleted

You'll know when the webhook is deleted when you try and invoke it though. That's the intended use of the API.

This generally means you don't need continuous updates, except for the case when a user moves a webhook and you can't know where it is until you post a message through it (or download the full list again through the get webhooks endpoint)

Either way you would miss these events when the bot is offline anyways, and you have no real means to sync webhooks without re-fetching them all...

This PR:

• Adds instructions for CMake/Make build tools.
• Add more details regarding how to retrieve the SDK binary file and attach it.

It would be nice to actually do this, since I've seen users who also use CMake as their build tool, and to shed some light to beginners who are using this as a learning resource. The latter might be quite unusual - there are good C++ developers (I'm sure including Danny) who know the stuff already, but here it is anyways.

In the docs section of the Application Command Interaction Data Resolved Structure, it is stated that "Partial Channel objects only have id, name, type and permissions fields". However, looking up at the Channel Object reveals that there is no "permissions" field, but only a "permission_overwrites".

Just realized there is a template for this type of issue. Closing this one.

In the docs section of the Application Command Interaction Data Resolved Structure, it is stated that "Partial Channel objects only have id, name, type and permissions fields". However, looking up at the Channel Object reveals that there is no "permissions" field, but only a "permission_overwrites".

Steps to Reproduce

None

Expected Behavior

The documentation is coherent.

Current Behavior

The documentation isn't coherent.

Screenshots/Videos

None

*...

Is that not a permission field, tho?

It is, however on the docs it appears styled as <code>, so I expected it to be literal.

it's not a typo, it's a different field which hasn't been documented yet, #3401 documents it

You're right. I didn't go through the PRs.

Description

Add alternative text for embeds when user disabled "Show website preview info from links pasted into chat"

Why is this needed

Many bots are using embeds for response, but user cannot see embeds if they disabled "Show website preview info from links pasted into chat".
So user will see like this:

You can send message with content like this:
![image](http...

duplicate of #3226

duplicate of #3226

Description

Add alternative text for embeds when user disabled "Show website preview info from links pasted into chat"

Why is this needed

Many bots are using embeds for response, but user cannot see embeds if they disabled "Show website preview info from links pasted into chat".
So user will see like this:

You can send message with content like this:
![image](http...

duplicate of #3226

I am suggestion this because this can be used for many things outside of commands as well such as role menu's and etc....

And on top of that if they do add the channels and etc to select menu's there is a possibility that there will be 100's of options.

I simply do not see them raising the limit above 25 for listing these, it doesn't make sense. Why would they create a limit simply to break it? I'd much anticipate this being implemented as a specific type of formatted value, e.g. existing mention markdown, and not as a "please list all these things for me"

@jhgg @IanMitchell
I see https://github.com/discord/discord-api-docs/issues/448 was closed, but dont see any updates. This is still a very much needed feature, and i have to assume you've cracked GDPR by now? Did we implement a solution on a different feature request?

Thanks!

Issues for all feature requests were closed and moved to discussions here. It even says so on the issue. The fact that this discussion is open indicates that it has not been implemented or otherwise resolved.

Manually moved issue #2920

Description

The permissions system needs 3 additions:

• Hidden option which completely removes the command from the command selection (instead of grey it out)
• Option to globally hide/show members by id (instead of doing it per guild)
• Option to (globally) show/hide a command by Discord guild permission (eg. on all servers where ppl. got "Manage Server" they are allowed to use command x

Why This is Needed

While implementing permissions i...

Moved to #3431

Manually moved issue #2877

Description

Add eg. in the Dashboard the ability to customize the interaction failed message. This allows developers to provide more information or links where the user can get help.

This also applies to "Invalid interaction application command". A user didn't know what happened, except knowing that some issue occurred indicated by the text color and exclamation mark

Why This is Needed

Currently, the "This Interaction failed" message isn't...

Moved to #3433

Same for me: I created a PR about 3 months ago, and no one has reviewed it or even posted a comment yet.

I'm having trouble following this, can you elaborate more? The description really confused me.

1. Manage messages has no relation to threads, so I don't really get why that is called out
2. The description makes it seem though that manage messages is really important to this particular bug, but then says "regardless of any other combination of permissions (Manage Threads, Use Public Threads, Use Private Threads and others)."
   But if that were the case I don't get why the bug wouldn't just b...

Can confirm the issue the author describes:
I just made a private thread, added my bot to it, and deleted the thread but no gateway dispatch of any kind got sent after the delete occurred. No member(s) update, no thread delete. The bot even sent a message in the channel right before that. Retried multiple times and got the same result. After I granted the bot a role with manage messages, it properly received the thread delete.

I also managed to consistently receive MESSAGE_CREATEs for a...

I see I see, maybe there were trying to say "no other combination of permissions produces this behavior" that it's specific to manage messages and nothing else. Ok.

This is perplexing though

Merged my suggestions into @JohnnyJayJay repository, thanks for your help, patience, and work for the community Johnny.

We could join efforts on this one; While ring-discord-auth has ring in its name, it does provide a plain verify function like yours (it's called authentic?).
If you want you can open an issue or a PR to suggest the use of a different library without native dependencies, I'll be happy to implement it since it is a good point :smile:

3672795 Fix bad links in Message Components section (#3... - vitorlops

The rate limiting code seems good. I have a couple questions about other stuff in the repo:

• This seems to be a general C bot API for a few services (Discord, GitHub, Reddit). Is the non-Discord code still supported? It's there, but all the documentation references Discord examples. Is the intent to keep this as a generic multi-API bot library?

• I see Slash Commands and interactions are on your roadmap. Is there an ETA on their implementation? While we've not taken an official stance ...

Appreciate this, been meaning to do some cleanup on that code. Let me pull and run this locally to see how it feels.

Awesome. I got a little bit of feedback on this section, splitting it up per interaction type (eliminating that for slash commands, for components, for some future interaction stuff). Any thoughts on this?

Thanks for the report, I have fixes for both things and those should get deployed in the next few days!

583f368 Improve documentation for threads (#3404) - iShibi

@apacheli That's fair enough - I've readded the removed parameters and marked them as deprecated instead :)

Add that the component messages can also be sent in dm It will do a lot, but this is what I mean if you execute a command in a channel the message is sent in dm with buttons or selectmenus

The diff is so large that it doesn't like me commenting on lines directly, so sorry for not having links 😄

I think Application Command Interaction Data Option Structure at the bottom of Slash_Commands.md can be removed, since the Interactions Data structure has all the relevant fields now (thanks for that).

In that table, we can also note the interaction type that the field is valid for. A fourth column that is just a list of types, like what we do for PATCH channel

![image](h...

Commented below on this

Of course, appreciate the feedback!

• Yes in the long-run we want Orca to be a multi-API bot library. But at the moment non-Discord code is undocumented for lacking many critical components users would expect of their API, once those are covered they will be added to the docs.
  Not sure if relevant, but here is a reddit search bot demonstrating cross-interfacing between Discord and Reddit APIs: bot-reddit.c
• Fair point. ...

Are you sure that this is right?

wants to merge 519 commits into GamingGeek-master from master

Why? they do not add that the component messages can be sent by dm

This is what I mean if a user executes a command in a channel that the message is sent by dm

In the given sample program https://github.com/msciotti/discord-game-sdk-test-apps/tree/master/cpp-examples/example-presence tried adding following code in the main.cpp before UpdateActivity to set the game launch link
state.core->ActivityManager().RegisterCommand("chrome.exe https://google.com"); and
state.core->ActivityManager().RegisterCommand("https://google.com");

Neither of above command worked to reflect the game launch link in the users rich presence status. Does the registerComm...

Perhaps you'd like to be more specific... but otherwise,

• bots can send a message component inside a DM, AFAIK, there are no restrictions.
• I recall a bug wherein buttons don't show up in DMs, so check if you're up to date.
• not sure what "message" therein means, but if its an error, its because you need to respond back to any interaction.
• it's possible to send a message with components in a DM if the "command" was triggered in a guild.

coughs I think we can get about me/status of user without the need to share guilds and bots with them. By just getting an id of a user, we can make a request to get their tag (username#tag) and use it to make a friend request (and while the request is not being accepted, we can click pending requests and click on their profile to see their status and about me. So how is security being maintained here?
Bots can't do anything with your data, it's indirectly a user behind the bot who wants to...

Are you sure that this is right?

wants to merge 519 commits into GamingGeek-master from master

probably not

I like that for the table yeah.

I had left that data structure there because that is the internal options object that only applies to slash commands. (including value and type which do not exist in the top level data structure ever...as of now)

Currently, the Create Message endpoint accepts the nonce field and includes it in the sent message, but the Execute Webhook endpoint does not accept the nonce field.

The nonce field is useful for matching new messages with stored unsent messages. It would be useful for applications that use webhooks to send messages to channels. The messages can be matched using the content, but this is not fully reliable due to Discord's message normalization, which is likely why the client sends the ...

The nonce field is used for optimistic message sending, something that I don't think webhooks even care about. The nonce is not stored anywhere, and is only used to match a MESSAGE_CREATE event with a pending http request. Additionally we also use the nonce to dedupe retried messages within a small time window.

Given this context, I'm not sure why nonce would need to exist on webhooks. The use-case you provide seems to be trivially accomplishable by recording the message id.

This PR removes embed visualizers section in community resources because the only listed visualizer is outdated(last commit was made on 4 years ago) and can cause confusion as it uses deprecated embed field and the code generation for libraries are outated too.

Description
When you cancel the session through tapping on "Cancel, and return to discord" hyperlink, it takes you to a "Successfully page", and the post code returns 200, instead of 400 like it does when you for example cancel a twitter connection. It'll return to this page, https://i.imgur.com/P4VGbV4.png

Steps to Reproduce

• Head over to billing settings
• Click on, "Add payment method"
• Select PayPal
• On browser click on "Cancel, and return to discord inc"
• Observe...

Upvoting this! In our usecase we require our members to link their Discord account with their account in our organisation, and until that doesn't happen the member will be unable to type in any guild channel. In order to force an update of their roles we would like to use a slash command in DMs where the user indiicates the guild in which they want them updated once they have linked their accounts together.

Sticker supports it too

Are u sure member add supports x-audit-log-reason?

Description
When responding to a select interaction with a message it doesn't reset the state for the user.
(but responding with type: 7 it does reset the state for the user, but you can't respond with a message)

Steps to Reproduce

{ "type": 4, "data": { "content": "test", "flags": 64  } }

• For a message response (doesn't reset the state)

{ "type": 7 }

• For the state to reset.

Expected Behavior
Both should reset the state for the us...

We've built a pretty robust, up to date embed visualizer for Discord and would love to have it included in the community resources section.

This embed builder includes up to date feature parity with the embed API, including buttons and select menus!

5992184 Add Autocode embed builder link to community re... - threesided

yeah this endpoint doesn't accept that header.

I modified this pr to remove only one resource because of newly merged #3442

In your project settings, you'll want to include the relevant library (e.g. `discord_game_sdk.dll.lib`) as an additional dependency.

I've built a visualization and code-generation tool for Discord slash commands!

To my knowledge it's the most robust slash command builder out there. This tool helps to generate and visualize how slash commands will show up in your Discord server. Allows for full UI based Slash command creation, with access to the underlying code for further development and modification.

Current features:

• Can register guild-specific and global commands
• Handles complex option configuratio...

May I ask, why does this tool require users to link their discord account?

Amazing work!

May I ask, why does this tool require users to link their discord account?
@webtax-gh
As it's written in the description:

• Can register guild-specific and global commands
• For registered Autocode users, will register the commands upon save and generate event handler files for commands as needed as well!

I guess that's why.

May I ask, why does this tool require users to link their discord account?

@webtax-gh
As it's written in the description:

* Can register guild-specific and global commands

* For registered Autocode users, will register the commands upon save and generate event handler files for commands as needed as well!

I guess that's why.

My worry here is that registering the commands for a user would require the user to provide a bot token. IMO it's not th...

My worry here is that registering the commands for a user would require the user to provide a bot token. IMO it's not the thing Discord should promote even if it is legit.

I agree

May I ask, why does this tool require users to link their discord account?

@webtax-gh
As it's written in the description:

* Can register guild-specific and global commands

* For registered Autocode users, will register the commands upon save and generate event handler files for commands as needed as well!

I guess that's why.

...

I'd like to add here that stickers should be handled in a manner more like emojis in more ways than one. I've found that if we're looking to track stickers at all, we have limited access to sticker info, like which guild a sticker's originating from. Ideally, a list of stickers would be provided at GuildCreate event, as is provided with emojis. This would then allow us to track/limit stickers in a guild to allow only stickers uploaded to the guild, rather than limiting both external emojis ...

the guild object (including in Guild Create) already has a stickers field with an array of stickers

That's interesting. I didn't see anything about it in the docs, so I'd assumed it had been left out for whatever reason. I'll look again and do some testing on my end. Thanks advaith.

its in the guild sticker pr #3128

the field is actually sticker_items now

that's on messages, not on guilds

Isn't that the wrong place for such a report?
This should belong in discord testers I guess.

Discord Testers doesn't take billing related bugs iirc.

I did notice there's a sticker_items list, but without the now mentioned stickers object on the guild itself, it seemed weird, given stickers aren't documented in the guild object yet. I've yet to test this on my end, but that's where my confusion was initially.

Sticker supports it too
In case you missed it
(I think)

Which endpoint are you referring to?

As for bios, we absolutely hear the moderation use cases, but we're not comfortable making those accessible right now.

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.

[...] Presence information that shows what you're doing or short-lived custom statuses just isn't at the same level of a field directly asking "Please tell me per...

I can confirm as of now that this is no longer reproducible. Thank you!

I think we can get about me/status of user without the need to share guilds and bots with them. By just getting an id of a user, we can make a request to get their tag (username#tag) and use it to make a friend request (and while the request is not being accepted, we can click pending requests and click on their profile to see their status and about me.

this is not true.

Everyone is able to view your bio, even without being your friend or sharing a server with you. Just your name an...

@advaith1 Alright, my mistake. However, once you join a single discord server, you always have to expect that strangers can join said server and will therefore be able to see your data. And I don't think that bots should be able to see everyone's bio either, just of the ones they share a server with. Which everyone sharing a server with them can definitely see.

I believe the incorrect behavior is what you displayed with type 7 actually. IIRC selects are supposed to locally retain state unless the component is updated. It appears the component is being "updated" even though it should not.

Did you fixed it?

We'll serialize the banner image hash on the user object so that bots can start passively getting that field.

As for bios, we absolutely hear the moderation use cases, but we're not comfortable making those accessible right now.

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.

Privileged intents are great, but the authori...

@Milo123459 I think the primary problem is that it would just confuse most users since the average Discord User usually has no clue what an API is.

What about something simpler, "Allow bots to see your bio"?

Good idea. So something like this, maybe? (Quick concept design, looks horrible, I know)

And if it's disabled it could just return an empty bio...

That looks good. +1 on that.

Sticker supports it too
In case you missed it
(I think)

Which endpoint are you referring to?

Sticker create
Sticker update
Sticker delete

These are in the audit log too

Am I right @devsnek

Sounds like a fair solution for everyone. +1

Why was this removed?

I guess it's not ready yet

Ah, you mean the ones in #3128 - either @advaith1 or I will need to modify our PRs once one or the other gets merged.

af649d4 Remove embed visualizers in community resources... - ShockTr

Ah, you mean the ones in #3128 - either @advaith1 or I will need to modify our PRs once one or the other gets merged.

ok got it

Spammers would just turn that off and it would defeat the moderation reasons to have that enabled. Sounds like a good idea, but I don't see why it would help bots to see normal person bios but not the spammer bios.

@BenSova Well, there are more use cases than just Moderation, such as the one described in the original post.
Of course, a different option, which would also make usage for moderation possible, would be optimal, but this is at least better than nothing, in my opinion.

Description

On Android, after having already selected an option on a dropdown, editing the contents of the dropdown such that the old value is no longer valid, the text stays

Steps to Reproduce

• On a dropdown, select an option
• Edit the dropdown so it has different default items

Expected Behavior

• Update the text of all dropdowns to the default option/placeholder on an edit which changes it

Current Behavior

• It doesn't change

**Sc...

Description

On Android, a select with 25 options doesn't show correctly, instead repeating some options from earlier.

Steps to Reproduce

• Send a select menu with 25 options
• Open it

Expected Behavior

• Each option is shown in order exactly once

Current Behavior

• Some get shown multiple times

Screenshots/Videos

On android: https://cdn.discordapp.com/attachments/471069217391771649/864925905118167050/Screenshot_20210714-18463...

Description

https://discord.com/developers/docs/resources/audit-log#audit-log-change-object-audit-log-change-key

The name key can also appear when a channel gets updated.

Steps to Reproduce

1. Change the name of a channel
2. Fetch the audit log

Expected Behavior

In the Object Changed column it should say guild or channel. (and maybe webhooks and other things with names. Haven't tested that)

Current Behavior

In the Object Changed colum...

Isn't that the wrong place for such a report?
This should belong in discord testers I guess.

This is the correct place :)

GraphQL!

A lot of companies are switching from using REST APIs to using graphql and I think it's time for Discord to switch too. I see a lot of pros of using graphql. Maybe this could be released in API version 10 or something like that. Some pros of using graphql:

• Save bandwidth by only requesting data that is needed
• Run multiple queries or mutations in one request
• and many more!

I don't know why Discord isn't already using GraphQL like [some other companies](https://docs.g...

Client bugs are unfortunately not eligible for reporting via Discord's API documentation repo.

Related #1423.

While cool, I think the chances of this happening are pretty much zero. GraphQL would take a lot of work from the entire company to ship, from infra to developers working on well-known GraphQL gotchas like caching and loading strategies. It's really hard to justify that investment, and would delay us from shipping other cool features for you all instead!

While cool, I think the chances of this happening are pretty much zero. GraphQL would take a lot of work from the entire company to ship, from infra to developers working on well-known GraphQL gotchas like caching and loading strategies. It's really hard to justify that investment, and would delay us from shipping other cool features for you all instead!

7684d79 Add missing fields to Component and Select Menu... - tim-smart

The user's banner and banner color appear to only be returned on the canary API currently, and only a small percentage of users can set their banner color.

Shouldn't this be ?string

Perhaps you'd want to also document the image formatting reference: /banners/user_id/user_banner

| banner_color? | ?string   | the user's banner color as a hex string prefixed with "#", or null if unset                          | identify              |

Yes, I wrote that before I realized it's a hex string lol

Perhaps you'd want to also document the image formatting reference: /banners/user_id/user_banner
Done.

This supports .gif

| User Banner            | banners/[user_id](#DOCS_RESOURCES_USER/user-object)/[user_banner](#DOCS_RESOURCES_USER/user-object).png \*                                                                                                                                                        | PNG, JPEG, WebP, GIF |

| User Banner            | banners/[user_id](#DOCS_RESOURCES_USER/user-object)/[user_banner](#DOCS_RESOURCES_USER/user-object).png \*                                                                                                                                                        | PNG, JPEG, WebP, GIF |

q for staff: is there a reason banner_color is sent as a string, and not as an integer? embed colors and role colors are sent as integers, so this is inconsistent

Description:

The oauth scope, applications.commands.update was moved to a client credentials only scope as seen in issue #2443. However, a better alternative would be to add it back as a regular oauth scoped and make it more descriptive during the authorization flow since there are genuine use cases for it.

Why This is Needed:

Registering and managing application commands is more of a one time process, it is not something that developers should really have to write a lot of...

Here it states that bots are able to change channel overwrite permissions for other users, given that they either have an overwrite with MANAGE_ROLES allowed in the channel, or have the permissions they are attempting to change allowed for themselves.

While the former case works, the latter doesn't seem to.

To reproduce:

• Make a new server and clear all default permissions except VIEW_CHANNEL.
• Cr...

olmyuor amk

re ^, they'll change it to an integer

Slash commands were officially announced to the public on 24 March 2021, but they're still disabled by default for a lot of users.

Could Discord please provide some indication of when they expect the feature to be enabled by default for all users?

As it stands, short of asking users to enable the feature, bots either need to implement both classic commands and Slash Commands, or just stick with classic commands. Otherwise,...

It is enabled for everyone, unless the user explicitly disabled the new text box at some point, in which case they will have to undo that and re-enable it.

The unfortunate part of this is that the toggle is all-or-nothing. I don't want the markdown preview, but I can't have slash commands without it, so I've opted to keep it off unless I specifically want to use a slash command.

There was some discussion over at https://github.com/discord/discord-api-docs/issues/2368 about letting individual features of the new text box be disabled, but that discussion died quickly -- and in any case, I wouldn't expect Discord to find it worth the effort.

Interesting.

Most users seem able to use Slash Commands, but some can't, and don't recall disabling the setting. It's possible that they disabled it before the label mentioned Slash Commands. It's not a great state of affairs.

Description

Community update crosspost messages' message_reference object now is missing guild_id, which does not comply with docs (which says that crossposts always have guild_id) and also breaks the SYSTEM tag on these messages in the client, showing a SERVER tag instead.

Steps to Reproduce

1. Have a channel that has received Community Update crossposts (not just the setup message)
2. Fetch the message via the API, or observe the SERVER tag in the client

Expected Be...

• #3128 already fixes this :)

Description
Ephemeral message content is not deleted by PATCH request.
It does not occur at the non-ephemeral messages.

Steps to Reproduce

• Send an ephemeral reply to interaction with the content field
• Update reply with content: ""

{
  "content":"",
  "embeds": [
    {
      "description": "y"
    }
  ]
}

• It looks like this
  

**Expected Be...

This would be useful

It is enabled for everyone, unless the user explicitly disabled the new text box at some point, in which case they will have to undo that and re-enable it.

advaith is right in that they're globally available, but there is a setting that disables them for users. If you have reports of slash commands not working with that setting enabled, please report it to the dtesters server!

1d4857e refactor(SDK): improve C++ SDK starter steps (#... - J-Human

ab9e385 Document endpoints that support the `X-Audit-Lo... - Nihlus

This would be really useful

I was thinking there could be some method to indicate the reason for the permission when a user is adding a bot via the oauth bot scope. This can be useful for the user to tick off the permissions that they think isnt useful for them. 1 potential way of this could be to set reason for each permission ( or permissions that were ticked) in the oauth2 tab of the application, and then those reasons are saved and showed again whenever any oauth link is used. Other method could be to use url parame...

I ran into this issue today, except it's a required user option and a non-required integer option. The required user option works fine on its own, but if you try to specify the second option it tries to read the rest of the message string as part of the user option value, which is invalid.

https://streamable.com/vb14t4

I have the same issue if the user option is not required. Seems like so long as is specified before another option it will try to interpret other options as part of the u...

Is this true for new ones as well? or just old crossposts?
it definitely broke for old ones, probably about a month or two ago was when we "fixed" a bug that was causing like 100kqps unnecessarily
But i'm 99% sure all new crossposts should have it

Fetching the message of the latest community updates post from June 1st (named public server updates in my image since it was added quite a while back) shows no guild_id field

There hasn't been any posts since so there's no way to tell if it has since been fixed.

looks like 6/3 was when it was fixed, so 6/1 would still have the issue
try the most recent messages from DDevs maybe? I published all the threads announcements for example, so the most recent of those should have guild_id set

try the most recent messages from DDevs maybe? [...] those should have guild_id set

Checked the latest message about app descriptions and indeed it does

🔥

currently only supported in canary client & api

This is now added (in canary) as option type 10 NUMBER! documented in #3455

| value | string, integer, or double | value of the choice, up to 100 characters if string |

This is now added (in canary) as option type 10 NUMBER!

• documented in #3455

No, that's subcommands. Slash command groups are like icons/tabs in the commands menu, where top-level commands are. Like how multiple bots can have commands with the same name, because each command is in a different group.

It's half visual, but there's also the benefit of locking specific groups to specific servers, like you could have a Premium group that only specific servers who payed to use your bot can access. The permissions idea is also good though.

Bots and webhooks are unable to create embeds with videos in them. There's a self-closed issue requesting the feature with the response being "Thanks for linking the create message docs. We don't support videos in bot/webhook embeds yet, but hope to in the future." but there haven't been any updates since.

Another thing to note, if this gets implemented, the client would need to not throw the user to the dms list when clicking any discord:// link that doesn't direct to a channel

This should be decimal, not hex. A decimal of a hex value to be more precise.

The Select-Menu feature hasn't sufficient documentation for the gateway interaction event.
There's a generic example of what it responds, but the fields aren't documented

I agree, this feature is wonderful and must be documented at least a little bit more!

Good thx 👍

This is nice!

Yeah, this definitely needs to be solidified in the docs.

Interaction docs as a whole are quite messy imo. Eg. component related fields being in structures that are supposed to be for application commands. Quite a bit of the interactions docs definitely needs some work.

Pretty sure that PR #3195 aims to tidy up the Interaction docs

currently only supported in canary client & API

Does not work for me in canary client

But the bot is able to create the option choice via canary api.

cant reproduce, not sure what's going on there

On which build you tried?

Mine:

Canary 90350 (64f9f60)
Host 1.0.37
Windows 11

I used the same, on desktop and web
however that looks like an error coming from the API; maybe it's going to the stable API somehow?

I'll take a look

Description

The documentation doesn't make it clear when the THREAD_MEMBER_UPDATE event is sent. The description of the event says that it's sent when the client user's thread member object is updated, but there aren't any fields in the object that can change. The ID and user ID can't be updated, the join timestamp has other events that are fired when it's modified, and bots can't use notification settings mea...