Hello again. I would like this pull request re-considered @typpo. Is this still rejected after the comments brought up?

Description

You can send X-Audit-Log-Reason along with creating a guild scheduled event and with updating a guild scheduled event. This, of course, is not documented. (deleting a guild scheduled event seems to not take this header into account)

Steps to Reproduce

1. send the X-Audit-Log-Reason header when making a request
2. it shows up in audit log

Expected Behavior

Documented behavior happens: most routes that take audit log headers are documented so it is ex...

It is a fairly common pattern to use something like https://api.example.com to host an API endpoint independent of other web content associated with a domain. If I put a third-level-domain into the INTERACTIONS ENDPOINT URL field on an Application's General Information page, it resolves example.com's IP address instead of the IP address of the API server. This happens with Host (A/AAAA) records, so it is unlikely using alias or similar records will resolve the issue.

This behav...

I can't reproduce this. If you're comfortable sharing the specific domain I can take a look though.

Let me reproduce it and make sure it was not a transient issue in the DNS system.

Apologies, not sure what was caching the DNS entry for more than the 2 minutes specified, but I am certain that is not a problem on your end.

did they forget about this

Error

{
"guild_join": "{"message": "401: Unauthorized", "code": 0}"
}

Code

@app.route('/join')
def join():
    discord = make_session(token=session.get('oauth2_token'))
    user = discord.get(API_BASE_URL + '/users/@me').json()['id']
    at=session.get('oauth2_token')['access_token']
    response = requests.put(url=API_BASE_URL + f'/guilds/***/members/{user}',
    json={'acess_token': at},
    headers={"Authorization" : f"Bot {at}",
    "Content-Typ...

I don't know much about what body or headers are required to use the raw API, but I'm pretty sure you misspelled access_token in your json variable

I'm found only what code.

Free

Well, this is really great! I love this idea!

Yeah. Assume that my account was hacked, if the server owner have 2FA requirement for moderation and my account did not turn on 2FA, the hacker(s) will simply need to add a bot, and the bot will do moderations for them.

your account would need the manage server permission and 2fa to add the bot

A hacker, simply needs a user's token to login and run all the dangerous stuff. No 2fa even required.
Nowadays, there are many scam on discord dms too, where hackers (and hacked accounts) ask you to download and test their game. On running it, the app will simply copy your token and send it to their servers.
Great. Literally the easiest and best way to bypass 2fa is to use user token itself.
In this case it was a testing app by a hacker, but what if, it was an fake antivirus or anything li...

this doesn't make sense; it isn't feasible for Discord to ask you to authenticate with 2fa every second for every action the client wants to do, so obviously you can "bypass" 2fa with the token, that's how all services work and basically the whole idea of "logging in" to a service

5b1fce2 package.json: allow node 14.17.x - jhgg

I don't even know what any of this means but cool

The guild_id "extra" field is sent in THREAD_MEMBER_UPDATE which wasn't documented. This PR documents it.

giving the token to someone is like giving them your unlocked phone with the discord app open. don't do that!

is there no way to lock the token to an ip address or device id?
Generally on other services, tokens are tied to devices, and adding a new device requires a new token...

Locking tokens to an ip address is probably not a good idea as people on smartphones or connecting their computers from multiple locations (eg. home & school) would have to constantly re-login.

About locking the token to a device ID... well how do you get the device ID? By sending it in the request. So if someone can obtain the token, they can probably also obtain the device ID, and fake it when making requests.
Some services do that sort of fingerprinting (eg. locking the token/session t...

connecting their computers from multiple locations (eg. home & school) would have to constantly re-login.
rather this than have my account stolen...
Seems discord are constantly playing cat and mouse with people writing malicious token stealers, some of them very sophisticated. This would at least make that sort of attack much more difficult.

Locking to IP only would also cause problems for anyone (most people) that have dynamic IP addresses. Imagine the lease on the IP resetting and now all your tokens are invalid for you.

I personally don't see much reason in adding these additional restrictions as it should be common sense not to share your token, and these restrictions really won't do much against most types of attacks. Don't click links or install/download/run things you don't know/trust. Not too mention, its only discord,...

Don't click links or install/download/run things you don't know/trust. Not too mention, its only discord, its not a banking account where an attacker could get your financial information.

You assume here that every user of discord is like you or I, and knows not to run random things. The fact this discussion is being had shows that it is an issue and needs addressing. No other platform i use takes a lazy attitude to 2FA. I'm pretty sure i cant just clone my phones settings to another pho...

Honestly its hammered into people not to click untrusted links or download untrusted files. This should be as obvious today as not touching boiling water. Ever been told about "stranger danger"? That applies on the internet as well.

As for the other claim, no, you can just copy session cookies from one device to another and they will work. The only places that won't be possible would be some sort of high security application like banking. I can do it right now with my google and github acc...

There should definitely be an option to log out clients, but it should be locked behind a password to do!

You can change your password to invalidate old tokens (and it's locked behind the current password) :)

Oh sick, where? Never seen it

Description

When joining a server on mobile, and not completing screening you see Normal (CTA) buttons as "clickable" but get the "Channel verification level is too high" message when trying to interact with them. (This message is a bit confusing.)

Steps to Reproduce

Join a server with Normal (CTA) buttons on its welcome screen via the mobile app, and membership screening enabled. You will see the buttons as available trying to interact with them will give you...

Description
A member is unable to proceed Rules Screening after re-join. Admins is unable to do anything to reject "request to join" except giving a role manually.

Steps to Reproduce
I couldn't reproduce for myself. It happened with member of the guild I am admin for.
Guild ID: 414757184044531722
User ID: 595617613409681408
Also there's a recent Reddit thread showing the iss...

Description
When adding Slash Commands to a guild with only application.commands there is no audit log entry created.
When removing the Slash Commands an audit log entry is created.

Steps to Reproduce
Add Bot with applications.commands scope(no bot scope)

Expected Behavior
audit log with integration create pops up

Current Behavior
No audit log entry is being created

Screenshots/Videos
![image](https://user-images.githubusercontent.com/15...

Hey, thanks for taking the time to make this report. This repo is for our bot and app API, so I'm going to give this a close because this is client related. I've passed this information along to the relevant team, but in the future for client bugs like this please use https://dis.gd/bugreport. Thanks!

Description

Stage Instance has no notes about BOT not being able to use the API resources.

Steps to Reproduce

Accessing the API endpoints '/stage-instances' using Discord BOT

I was about to implement this and Guild Scheduled Event into DiscordPHP library,
https://github.com/discord-php/DiscordPHP/pull/643
so I worked on with Stage Instance first.

Expected Behavior

I expected it should ret...

Bots can access all of the documented API behavior for stage instances. It sounds like you did a GET request to the base url /stage-instances, while only POST requests are documented for that endpoint.

Don't click links or install/download/run things you don't know/trust. Not too mention, its only discord, its not a banking account where an attacker could get your financial information.

You assume here that every user of discord is like you or I, and knows not to run random things. The fact this discussion is being had shows that it is an issue and needs addressing. No other platform i use takes a lazy attitude to 2FA. I'm pretty sure i cant just clone my phones settings to anoth...

Oh sick, where? Never seen it

@isaackogan The act of changing your password resets your token. So it would be the "Change Password" button you're looking for :)

Oh sick, where? Never seen it

@isaackogan The act of changing your password resets your token. So it would be the "Change Password" button you're looking for :)

Didn't know, very cool! Isn't that a bit unclear for the end user? Though I guess token stealing isn't exactly normal use. Willing to bet most people aren't getting helpful advice in GitHub threads though. Still awesome to know so ty.

I think the tokens are securely.
Don't click on random links and download something what are sus, and don't leak your user token ^-^

I'm also confused on why it's bad UX. Some commands have other ways of showing success, eg. a context menu command that adds a reaction to the message it was used on. Not having to respond to an interaction also makes it possible to DM the user something, so that an ephemeral message wouldn't have to be used for private information (or responses that users may not want to clog the channel with, but do want to keep). For some clients, responding to a slash command can also scroll the chat al...

Having to respond with a message that says "Success" also takes up more screen space than needed, especially if I'm going to respond publicly.

There should be some sort of response to confirm it worked. There's plenty of use cases where multiple things are getting changed where there's multiple failure points (eg, creating a role and adding an override to a channel for that role). Arguing that "well the user can just see that it worked" is not great. What if only half of the operation worked? The user may see that something has changed and assume everything is done/complete/successful.

Whether that confirmation response is a me...

I suppose my argument is more against having to respond via message, rather than having another way to respond. A toast would be nice, or something smaller that's not going to disrupt the flow of commands. You're right that a success (or failure) indicator of some kind should exist, but it really shouldn't be limited to just a message, especially when native parts of the app use toasts and other indicators (and it's clear that Discord is trying to make bots more integrated to native functions)

It would be really nice if we were able to get voice states through the REST API instead of only receiving them through the gateway, it could possibly be behind a boolean query string flag /guilds/{guild.id} allowing only those who want it to get it.

This would be super useful for bots that want to use interactions via an incoming webhook instead of the gateway.

Yes, but forcing it is pretty lame, and its the bot developers job to say what went wrong, and they should be allowed to do so via something not an ephemeral message

What if discord provides additional security like how it asks for 2fa again when I'm deleting servers or changing password, if discord sees that I'm either sending a lot of frnd req or blocking a lot of people (when someone is hacked, this happens) discord can lock up that token and ask for 2fa in order to continue. If the user fails to provide it, notify the real user via email that their account is compromised.

I once saw Facebook doing this: my father's account was once logined to an di...

I think the tokens are securely.
If thats the case, why can any app (dangerous ones ofc) easily get someone's token if they're running on their PCs? Can't wait for avast antivirus and other fake ones to steal tokens, just as they sold data before, same with McAfee.

Oh sick, where? Never seen it

@isaackogan The act of changing your password resets your token. So it would be the "Change Password" button you're looking for :)

Didn't know, very cool! Isn't that a bit unclear for the end user? Though I guess token stealing isn't exactly normal use. Willing to bet most people aren't getting helpful advice in GitHub threads though. Still awesome to know so ty.

It would be really cool for a button on user settings to reset tok...

the change password button. That's what you're thinking of.

the change password button. That's what you're thinking of.

A normal discord user who isn't in coding or doesn't know about "tokens" can never know this fact

This discussion board is for API suggestions and feedback, and this post doesn't really fall under API talk, so it's now locked.

To OP's point, as far as I'm aware the only way to extract a token is to compromise the machine with Discord installed. Unfortunately, once an attacker's code is running with user privileges, it follows that they can do anything you can do. Discord continues to take steps to limit the spread of malicious software and to mitigate the impact of stolen tokens.

This discussion board is for API suggestions and feedback, and this post doesn't really fall under API talk, so it's now locked.

To OP's point, as far as I'm aware the only way to extract a token is to compromise the machine with Discord installed. Unfortunately, once an attacker's code is running with user privileges, it follows that they can do anything you can do. Discord continues to take steps to limit the spread of malicious software and to mitigate the impact of stolen tokens.

#3322

Ah I see, thanks for the heads up.

The value of this object is a string, not another object.

it's not necessarily a string, it could also be an integer or a double

It's awkward enough having like one other spot in the entirety of the docs that could be a string, or an integer, or non-integer number. I may correct it later. It took far too long to find this issue. Leaving it defined as a string is the perfect balance of chaos, given it's not quite accurate, but at least it's not an object. 😈 Thanks for the note, adv.

I doubt if It's 1:1 API related nor discussions can be used for asking questions but there is no place else to ask so I am here.

What is the role of video metadata at embedding videos. I realized somethings were wrong when I posted some videos from some Telegram channels, where metadata erasing is common. On my iPhone they were failing to be properly saved on gallery so I used image selector to send on Disxord. After I posted the videos, They were surprisingly slow at playing in both discord...

This was fixed

Ah, thank you, I missed that!

On cdn.discordapp.com/emojis/..., it would help if Discord could expose a hash for emojis. This hash could be exposed through the response headers (x-hash-md5 for instance).

Bots which need to perform analysis on the image content would find this useful, as they could simply HEAD the object and detect if it had already been processed, saving bandwidth and CPU processing. If it had not already been processed, then it can do another request to download the image content.

Currently ...

Our cdn uses the standard etag header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag

Our cdn uses the standard etag header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag

In an example call, I don't see any etag:

curl --head https://cdn.discordapp.com/emojis/674758248506851379.png

HTTP/2 200
date: Tue, 14 Dec 2021 17:38:21 GMT
content-type: image/png
content-length: 17817
expires: Thu, 13 Jan 2022 17:38:21 GMT
last-modified: Wed, 05 Feb 2020 23:28:22 GMT
cache-control: public, max-age=2592000
x-envoy-upstream-service-time: 1
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="ht...

On cdn.discordapp.com/emojis/..., it would help if Discord could expose a hash for emojis. This hash could be exposed through the response headers (x-hash-md5 for instance).

Bots which need to perform analysis on the image content would find this useful, as they could simply HEAD the object and detect if it had already been processed, saving bandwidth and CPU processing. If it had not already been processed, then it can do another request to download the image content.

Currently ...

The authorization header should be for your bot. The oauth2 access token goes in the body, which is documented here: https://discord.com/developers/docs/resources/guild#add-guild-member

54779d8 Document guild_id field on thread member update... - nerdguyahmad

If you click outside the text box after entering your url the save button should pop up.

afb4f1b correct 8MB to 8MiB in Message Limitations (#4222) - 12932

494829f Correction to Application Command Interaction D... - elderlabs

Thanks for the report, closing this as it seems to already be fixed

6ace2e7 More consistency in the documentation (#4000) - A5rocks

Hey! Could you please provide an example for this in which it didn't work as expected?

9098b40 Document audit logs for scheduled events - typpo

This PR should resolve the snark in #4224

37a25dd Document audit logs for scheduled events (#4237) - typpo

Thanks for the report on this. This should be resolved now.

I would also like to see this capability. As a minimum, allow setting one of the subcommands (without any required arguments) as a 'default' to run in the event that no subcommand is provided. This is important to me to provide an interface much like a CLI command works, where the main command does something default (even if it's just to provide help) and then options or subcommands (or both) can be added to the end of the command to modify its behavior.

8859ae1 remove scheduled events gateway events experime... - hemu

remove experimental disclaimer for gateway events which are now stable and supported

425d3ef remove scheduled events gateway events experime... - hemu

Description
Hiding attachments on an embed response can make it overlap with the message under it.
The "space between message groups" option affects how much it overlaps.
This seems to only happens with interaction responses with the "executed command" thing:

Steps to Reproduce

1. Have a bot reply with a rich embed in an interaction
2. Press the "Remove all em...

Hey

Hi, is there anything that is wrong, or would like to be requested?

Yes probleme discord

This repository is for the documentation of the Discord API.
You may go to https://dis.gd/contact for issues regarding discord itself

@typpo could you take a quick look if the pr is correct for now?

Why not released?

Text input modals are still WIP and subject to change. While this is the case, the beta preview doc is the place to go for information on this potential feature while the API is not finalized. We'll have a look at this PR once it's ready to ship.

This error code is not even merged, let alone deployed. Therefore it is not released.

Description
Bots cannot change their own nicknames in guilds despite having the right permissions. On attempting to do so, it fails with a 403 Forbidden: Missing Permissions

Steps to Reproduce

• Ensure that a bot has the permissions to change their nickname in the guild you will test this in. (Give them the Change Nickname permission in case they don't. I tested with Admin permissions in the demo, but it also can reproducible with the Change Nickname permission.)
• T...

You need to use the Modify Current Member endpoint instead.

I use Windows 11 on my PC but the clients detect it as Windows 10 (idk why)

"Windows 11" is just a version of Windows 10 really, at least for now

Nvm I used the wrong endpoint

@typpo this got released recently 100% iirc.

It's merged now and going out in the next release train. Going to merge this so I don't forget.

c4189a4 feat: document error code 50109 (#4241) - spiralw

Hey! Could you please provide an example for this in which it didn't work as expected?

#4213 yes its kinda a clone but its got an example payload

\* Only valid for [component-based](#DOCS_INTERACTIONS_MESSAGE_COMPONENTS/) interactions.

- An Action Row can have exactly 1 `input_text` component.

\* For now the [type](#DOCS_INTERACTIONS_MESSAGE_COMPONENTS/component-object-component-types) will always be `4`.

- `input_text` must be sent inside an Action Row.

possibly a DM response type?

<img width="742" alt="Screen Shot 2021-12-15 at 4 32 43 PM" src="https://user-images.githubusercontent.com/65673396/146286264-0f449e0a-6856-42b6-9358-cbb8063a1391.png">
also a small slash command icon could be helpful for this--message sent if command fails, and the icon is red. Icon is yellow while bot is "thinking." Icon is green on success.

Description

Steps to Reproduce

Expected Behavior

Current Behavior

Screenshots/Videos

Client and System Information

This should be fixed at this point.

getting a DM response is generally a bad user experience, and ephemeral messages should remove the need for doing that, so I don't see a point in adding a response type for it

some things are better in DMs, though. bots that show private information should probably send you that info in DMs for example, regardless of where the command is sent, and sometimes that private info is something the user wants to keep access to so they don't have to keep using the command (/rely on the bot being up) every time they want access to it

another example: form bots. modals are cool and all, but they're very limited in terms of form bot functions right now, what with a max of 5 ...

I think if DMs are allowed as a response to an interaction, there should be some sort of indication to the user that the bot has responded via a DM (maybe similar to an ephemeral message saying ‘<bot name> has DMed you’ and with a link to the DM message).

I do see the benefit of having bots respond via DMs to send private information that the user might want to refer back to in the future (so it can't be just an ephemeral message), but I think the best solution now is to respond with an ep...

Resolves #4180.

tbh i just think it would be nice to have multiple ways to respond to something in general. ephemeral messages still can cause issues like scrolling away from where an interaction happened or being redundant. it's not good to completely remove things like success or failure indicators, but it'd be nice to have more flexibility when it comes to responding. all responses focus on creating or editing messages only- like before now, bots could just react to ack something, but we don't have that n...

Forcing a response in the first place doesn't make sense. Especially if I want to do something else, like send a public message, which I have to do in addition to an ephemeral message.

31e2861 Denotes sticker_pack.banner_asset_id as optional - jfurrow

b24e9e7 Denotes sticker_pack.banner_asset_id as optiona... - jfurrow

/users/@me/guilds can not only be used by bots (I think the current notice about the OAuth2 scope is a bit misleading, but I don't want to touch that) but it interestingly also supports the with_counts query parameter just like /guilds/:guild_id.

That wasn't documented previously, but this PR adds a notice its support.

Has there been any progress towards a resolution? Interaction Responses should inherit all non-destructive permissions from their bot's integration role. Not having the ability to issue responses containing emotes or proper mentions breaks functionality that exists in the message replies to non-integration commands.

With the deadline still months away, but rapidly approaching, I'd like to release slash commands to my users long before the cutoff window. I cannot do that as things current...

Description
The gateway sends the initial hello payload, an ack heartbeat then immediately after another hello payload. I found this by complete accident when I was updating Sword for the v9 API. As this library uses the v6 API, it did not require intents to be sent on the identify payload. Adding the intents key to the payload fixed it, but the reason I am reporting is that I believe this should throw an Invalid Session (OP code 9) payload, not ano...

• 1 << 1: EMBEDDED_RELEASED
• 1 << 20: EMBEDDED_FIRST_PARTY

https://github.com/discord/discord-api-docs/pull/1993#issuecomment-677893320

dupe of #1993

edit: oops looks like it does work for bots now, still no support via oauth tho

Funny API blob served as a rubber duck here; turns out you need guild.members.read for that to work

should we reword the description to something more like:

"when the user's timeout will expire and the user's interaction in the guild is re-enabled. null if the user is not timed out."

timeout / timed out / timing out was avoided internally to keep the fields more generic and b/c timeout is an overloaded term, but it could be clearer to use timeout / timed out terminology at least in the descriptions here where we have more context, for the sake of having easily understandable d...

Discord added a permission for managing guild time outs - I've never documented permissions, but I assume it should be documented as 1 << 40 (don't quote me on this)

The new permission seems to be named MODERATE_MEMBERS = 1n << 40n

This is correct, a new MODERATE_MEMBERS = 1 << 40 permission was added to gate the ability to set and clear user timeouts. Wou...

We can't know the voice server update is failed, or discord is being late for it.
So if there's VOICE_SERVER_UPDATE_FAIL event, it will be good.

{
  "t": "VOICE_SERVER_UPDATE_FAIL",
  "s": 2,
  "op": 0,
  "d": 1337
  "$note": "that 1337 will change by reason, such as No permissions, Full, and more."
}

Done

That should do

looks good! NIT: would be good to keep description a bit more consistent with others, maybe something like:
"Allows for timing out users to prevent them from sending or reacting to messages in chat and threads, and from speaking in voice and stage channels".

Sure!

Thanks for opening this. However, this is not relevant to our api docs, and it is not something we will document.

why do all of the permission flags have "1L" now? that seems to be a language-specific syntax

That's totally wrong and a mess.
Please close it

That's totally wrong and a mess. Please close it

what's wrong in it?

Everything

Everything

could you please elaborate?

Think about it

Think about it

I don't see anything wrong here tbh, can you be specific

• Missing payload info
• Wrong formatting of table
• Misplaced attachment object

• Missing payload info

  • Wrong formatting of table

  • Misplaced attachment object

• I hyperlinked the exact payload for attachments
• When you want to have a link in a table the formatting is 100% gonna be messed up, many tables are formatted in this same way (see screenshot below)
• What do you even mean by "Misplaced attachment object". I linked the attachment object
  <img width="933" alt="Screen Shot 2021-12-18 at 1 26 00 AM" src="https://user-images.githubuse...

This pr properly adds the slash option 11 attachment

WIP, not released

• [x] Adds Application Command Option Type
• [x] Adds Resolved Data Structure

Duplicate of #4251

im wrong about the table formatting, fixing it now

@NovaFox161 #4251 is a mess.

@NovaFox161 #4251 is a mess.

Then comment on what is wrong instead of being rude and making the exact same PR?

fixed it

this is a dupe ☹️
#4251

I think you accidentally changed the package-lock.json, could you revert it?

I think you accidentally changed the package-lock.json, could you revert it?

sure

closed this PR as this one got too messy, and had too many commits. new pr is #4253

@MinnDevelopment i messed that PR up lol but i think this one should be alright

Just so you know, it usually isn't necessary to open a new PR because there are too many commits.

Just so you know, it usually isn't necessary to open a new PR because there are too many commits.

yeah a few of my friends just told me that lol. should have consulted them before doing this

That's totally wrong and a mess.
Please close it

@Lulalaby your comments are not conducive to our desired environment. Please refer to the Code of Conduct for more information: https://github.com/discord/discord-api-docs/blob/master/CODE_OF_CONDUCT.md

<img alt="Screen Shot 2021-12-18 at 1 26 00 AM" width="933" src="https://user-images.githubusercontent.com/35400192/146615056-b4ef5217-1559-4c5a-9936-3bcf78893cd0.png">

looks like you have wrap on, you'll need to turn it off (alt z) to edit tables properly

<img alt="Screen Shot 2021-12-18 at 1 26 00 AM" width="933" src="https://user-images.githubusercontent.com/35400192/146615056-b4ef5217-1559-4c5a-9936-3bcf78893cd0.png">

looks like you have wrap on, you'll need to turn it off (alt z) to view and edit tables properly

yep i figured it out lol, fixed all of it in #4253

isn't EMBEDDED_RELEASED relevant, because that can determine whether an activity invite generated by a bot will be usable?

also, are max_participants and embedded_activity_config.activity_premium_tier_level considered relevant?

why do all of the permission flags have "1L" now? that seems to be a language-specific syntax

Oh that is a great catch, thanks advaith -- @Lulalaby can we keep perms as is and add the new permission to remain consistent with the other formatting of the other permission entries please?

oh I see where the issue was in needing to maybe worry about longs, my fault for not catching this in my previous review, sorry. This can be tricky because the previous permission value is 0x8000000000 and now with 1 << 40 we ran out of digits with the previous formatting here didn't we :)

I think we can just document the new value as is: 0x10000000000 (1 << 40). This will probably make it slightly misaligned with the rest of the column so if we are worried about that we could probably...

That's totally wrong and a mess.
Please close it

Be Nice, In The Discord-Testers Server If Someone Does Wrong Bug Report We Tell How To Fix Not Yell !

Zina
Official Discord-Testers Bug Squasher

I agree , Bots need this

Description

These flags (or at least most of them) are not self-explanatory so it would be great to have the proper descriptions in the documentation.

Description

There's a difference in value of application flags given by the gateway's READY event and the Get Current Bot Application Information endpoint.
One of the flags that differ is GATEWAY_MESSAGE_CONTENT, the rest appears the same for my bot but there might more discrepancies.

Steps to Reproduce

• [Connect (and ide...

Having had a look through the documentation, other bitfields which have their individual bits enumerated (like this one) have a description colum. There are bitfields purposefully left without elaboration like thread member flags, but since the values of the application flags are documented they should be accompanied by a description.

When adding an image to an embed, the image is currently always rendered at the bottom of the embed, below the text content.
Depending on context however, this isn't always the most aesthetically pleasing position.

To allow for more flexibility when designing custom embeds, I am proposing an additional optional parameter for the embed image structure that specifies the positioning of the image in r...

For example if my IP address was 69.42.06.942 then I could optionally bind my bot to that IP address through the developer portal.

By "binding" I mean making it so that any requests with the Authorization header as the bot's token would ONLY be accepted if they were from said whitelisted IP address, otherwise they'd be rejected with a 403 - Forbidden.

This is a great way of preventing disaster from token leaks as no one else would be able to request from the token, because Discord o...

Even whether it is just optionally, how should it be handled when your ip is dynamic?
I think making an allow list for that is not really the way, to handle these issues

Well you can't really do anything about your IP being dynamic, so you'd have to change it every so often or work on a VPS with a static IP

But yes you're right about dynamic IPs being an issue that can't be solved

• dupe of #3220

• dupe of #3220

For how long are attachments from command options available on the CDN? I think if there is a time window, that should be mentioned in the docs.

For how long are attachments from command options available on the CDN? I think if there is a time window, that should be mentioned in the docs.

This is a good question however I am unsure about this myself as I have not been able to successfully send an attachment due to this feature not being implemented in the discord client yet. Hopefully a staff member can enlighten us?

I tested this, and it looks like the actual behavior is that the socket closes with close code 4013 (invalid intents). I would assume you get another HELLO because the library reconnects. The closing of the socket is intended behavior, and a library should not re-attempt the connection if the intents are invalid.

Invalidate session (OP 9) is for cases where a session no longer exists. It usually implies something like the gateway identify limit, or a failed resume.

Especially if you are trying to get the url from the image uploaded, because message.content blew up. Slash commands don't support images.

Slash commands will support attachments soon fyi

Closes #4247

I would also love to reword some of these explanations to be more professional, but I'll focus this PR to one change.

All channel inputs in slash commands are validated by the API itself, you don't need to worry about the user sending in an invalid channel.

They can't be filtered though. API will check the channel exists, but not if the user can manage it (if user has specific permission in a given channel), or even if the channel is disabled in bot settings itself (in my bot, you can set permission to use command per channel per role, and that can't be done in API nor I saw any plans on adding th...

yes

Another use case could be sending a message in a different channel

Description

When I time someone out, the audit log member_disconnect is called, I'm aware that timeouts kick the user if they're on a voice channel, but if they're not, the audit log event is called anyway.

Steps to Reproduce

1. Time someone out.
2. Check audit logs.

Expected Behavior
Don't call member_disconnect audit log event if the user isn't on a voice channel.

Current Behavior
It's called regardless of whether they are on a voice cha...

Can repro with Android 103.8 Alpha and 107.5 Alpha, in fact just discovered this issue today. My bot doesn't appear to be receiving events for autocomplete with grouped subcommands at all when on mobile, but works fine on desktop (Canary 108726 as well as Stable 108703)

Description
The
Steps to Reproduce

Expected Behavior

Current Behavior

Screenshots/Videos

Client and System Information

oops hit ctrl enter instead of shift enter

Description
The permissions list in the OAuth2 General tab for adding a default authorization link does not include the Moderate Members permission

Steps to Reproduce

• Open the applications page
• Select an application and go to the OAuth2 tab
• Select In-App Authorization as the authorization method and select the bot scope

Expected Behavior
The Moderate Members permission is present and can be selected

Current Behavior
The permission is not there

*...

The client seems to call the 1 << 40 permission "Timeout Members" instead of "Moderate Members". Will this be changed in the docs?

its internally Moderate Messages and the docs use the internal names (let's not do a repeat of the Use Application Commands mess)

it's internally Moderate Messages

Isn't this contradicting heymoo's comment 3 days ago?

a new MODERATE_MEMBERS = 1 << 40 permission was added to gate the ability to set and clear user timeouts.

I think that calling it Moderate Members is very ambiguous and conflicting when kick and ban use different permissions entirely.

Maybe we should refer to the FAQ page on Discord Support for how time outs work.
Since line 290 does this for how premium works, we could consider this as well:

https://support.discord.com/hc/en-us/articles/4413305239191-Time-Out-FAQ

it's internally Moderate Messages

Isn't this contradicting heymoo's comment 3 days ago?

a new MODERATE_MEMBERS = 1 << 40 permission was added to gate the ability to set and clear user timeouts.

how?

how?

One of them is _MESSAGES and the other is _MEMBERS. They're named two different things

sorry I made a mistake, it's members

The client seems to call the 1 << 40 permission "Timeout Members" instead of "Moderate Members". Will this be changed in the docs?

Good catch. To clarify: the permission name internally and for the purposes of the api is MODERATE_MEMBERS, with the intention that we keep it less specific to potentially allow additional future moderation actions to be grouped under this permission. You are right in that the client UI does currently refers to this as "Timeout Members". This was an inten...

this is a great idea 👍

Good catch. To clarify: the permission name internally and for the purposes of the api is MODERATE_MEMBERS, with the intention that we keep it less specific to potentially allow additional future moderation actions to be grouped under this permission. You are right in that the client UI does currently refers to this as "Timeout Members". This was an intentional choice to make the settings UI clearer for users. The idea is in the future if additional actions are grouped under this permission...

With this feature being released, I'll be marking this PR as ready to be merged.

It should be documented how long one can set a timeout for. From personal testing, it appears to be 5 weeks but it might be smarter to get an exact time from someone who works with the API.

With this feature being released, I'll be marking this PR as ready to be merged.

Thanks, we'll take one more look at this a bit later and get this merged in today.

It should be documented how long one can set a timeout for. From personal testing, it appears to be 5 weeks but it might be smarter to get an exact time from someone who works with the API.

I thought I saw max mentioned in this PR earlier, might have gotten lost after some of the suggestions I made re. descriptions. se...

From testing the max value is 27/28 days (tbh there shouldn't be a limit)

| Field                        | Type                | Description                                                                                                                                            | Permission       |
| ---------------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| nick                    ...

7cd2237 Add locale fields to interaction structure - infinitestory

As it says on the tin. Will merge this when it actually goes out.

why isn't it on the user object?

Note that these internal permission names may be referred to differently by the Discord client. For example, "Manage Permissions" refers to MANAGE_ROLES, "Use Voice Activity" refers to USE_VAD, and "Timeout Members" refers to MODERATE_MEMBERS.

when a user uses an interaction they are providing data to the application; being able to access the data arbitrarily is more of a privacy issue

I think adding it to the user object would be a bad design. This is not a canonical user property and having a "interaction user" or something (a la thread member) would be complecting stuff.

I have to disagree

| Field                         | Type                                            | Description                                                                                                                                                                                                                          |
| ----------------------------- | ----------------------------------------------- | ----------------------------------------------------------------------------------...

When can this property be missing?

It seems to be on every guild member object.
Had no case yet, where it was missing.

| Field                        | Type                | Description                                                                                                                                                                                                                              | Permission       |
| ---------------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------...

| Field                         | Type                                              | Description                                                                                                                                                                                                                          |
| ----------------------------- | ------------------------------------------------- | ------------------------------------------------------------------------------...

oh this is a good point - @hemu is it optional?

also, is this field supported in the Add Guild Member endpoint?

| nick                         | string              | value to set user's nickname to                                                                                                                                                                                                          | MANAGE_NICKNAMES |

should also be fixed in add guild member (related: prev comment)

Could the permissions section be updated to explain how being timed out affects the permissions? Such as, which permissions it disables.

Shouldn't this add support for submitting localized versions of commands like was shown in the last developer event?

that is separate and waiting on client support to ship

That field is only sent for the current user (ie GET /users/@me) which most libraries already treat as a separate structure.

Honest question: if the UI shows it as "Timeout Members", would it be wrong to not keep a similar name for consistency reasons with the API as TIMEOUT_MEMBERS? All of the other permissions are kept generally 1:1 in naming with the API and UI because of (reasonably assuming) consistency and avoiding confusion. MODERATE_MEMBERS as the permission for timeouts in the API does add a slight amount of confusion imo as @MinnDevelopment mentioned. I think the actual naming of the permission is...

ah to be honest the optionality of fields from the perspective of the public api is always a tricky question to answer definitively. b/c the objects we define in the docs are defined more for convenience, so they can be referred to from other places in the docs rather than something that always maps 1:1 to how we use models internally. I think the best answer I can give is when we serialize the guild member model, we currently always seem to include the communication_disabled_until field. T...

Could the permissions section be updated to explain how being timed out affects the permissions? Such as, which permissions it disables.

great idea, I can add this as a followup

also, is this field supported in the Add Guild Member endpoint?

not currently. would the use case be to add a member that is already timed out initially?

also, is this field supported in the Add Guild Member endpoint?

not currently. would the use case be to add a member that is already timed out initially?

Wouldn't this overlap with the features of membership screening?

I was just asking to make sure it wasn't being missed in the docs, I don't have a use case

since from a pure data model perspective communication_disabled_until isn't a core field for the member model like joined_at is, how about we leave it as optional just in case, since I'd imagine the opposite -- assuming it is required now and at some point in the future an endpoint whose document references this Guild Member Object in docs fails to include this field -- is a worse developer experience. What do you think?

We should leave it as optional :)

alright going to merge this in and deploy at this point so we can make these core parts available -- can save improvements for follow up PR's at this point

b51c34f Document guild time outs (#4075) - NurMarvin

414d898 update changelog for timeout feature - hemu

Unsure if this is supposed to be possible:

{"payload_json":"{\"allowed_mentions\":{\"parse\":[]},\"content\":\"Hello\"}"}

This is a valid message create body, the docs list "payload_json" this as multipart/form-data only.

Add new documentation for the recently released guild member timeout feature.

this shouldn't be under the scheduled events header

## Guild Member Timeout

#### Dec 20, 2021

Add new documentation for recently released guild member timeout feature.

## Guild Scheduled Events

this shouldn't be under the scheduled events header
ah yea was fixing that in next commit, good catch :D

01454ed Apply suggestions from code review

• hemu

e73afc1 Update docs/Change_Log.md

• hemu

6f46ebc add permissions clarification - hemu

b10b065 reword permissions statement - hemu

Timed out members will temporarily lose all permissions except `VIEW_CHANNEL` and `READ_MESSAGE_HISTORY`. Owners and users with `ADMINISTRATOR` permissions are exempt.

I think admin users is too much

technically you're right but maybe in this case we can leave it just to make it extra clear, since devs are familiar with the term "admin user" we use elsewhere :)

1b27008 update changelog for timeout feature (#4266) - hemu

This is now present

I can still do this

It looks like you might just have global and guild commands with the same names; that's different from what the issue is describing.

ukehZMNNtM

I had a case where it even said I disconnected 5 users when I timed out a single bot.

The problem

Other bot creators that I know and I have run into the issue where the bot could not assign or edit a role above the bot's top role. Most robust bots will have an error message telling the user that this is impossible. The problem is that the user would need to retype the command, which could be quite an annoyance.

Functionality

I'd love to have a way to enforce the role position of the bot. Meaning, if a user tries to pass a role with a higher position than the top bo...

Would be nice to also have an option to exclude managed roles 👍

this will be fixed soon, thanks for reporting

I think this function would be very beneficial for partner servers or Discovery

Deduping with #4213

this is working as intended. until the message content restriction rollout our backend is overriding that flag to allow bots to consume message content.

5a40e8b Add .gitattributes (#4256) - MinnDevelopment

It is supposed to be possible, though its not an intended use case of the API.

Looks like this is happening in the client as opposed to the API; will take a look

46f0280 Tweak application_id wording on message objec... - Jiralite

0f13000 Complete content type string (#4257) - mikkoi

Thanks, I think this is fixed now

overall i don't find think this is a useful addition:

• changes to the api are breaking if they change existing documented behavior, which is already self-apparent. i don't think adding further qualifications is useful since they could be broken in the future.
• random html responses from our upstream providers (cloudflare or otherwise) would be part of outages, which are almost by definition not documented behavior.
• the documentation also already states that correct user agents are co...

77e1813 Add reconnect column to close code table (#4261) - MinnDevelopment

Hey, the APPS section should now not appear in context-menus once brought up.

Thanks for the PR. At this time we don't want to document this route. You should instead always use GET /sticker-packs and filter from there

I had a case where it even said I disconnected 5 users when I timed out a single bot.

I'm guessing it was 5 users b/c there were prob 5 instances where you timed out a user and each one of those had a disconnect log entry which were all grouped together.

this should be fixed now. going to close this out but feel free to reopen an issue if you still notice this.

Description
When the timeout automatically ends it doesn't send a GUILD_MEMBER_UPDATE event.

Steps to Reproduce

1. Listen to the event
2. Timeout a test account
3. Wait for it to automatically end.
4. The event doesn't fire

Expected Behavior
To send communication_disabled_until: null when the timeout automatically ends.

Current Behavior
It doesn't fire the event.

Client and System Information
API: v9
Gateway: v9

Note
The event does fir...

the reason this is happening is because we don't go out of our way to change the communication_disabled_until field once the timeout naturally expires, so there is no update. We let the value continue to be the existing datetime which is now in the past, and since the user is only timed out until the communication_disabled_until value, a datetime in the past means no longer timed out

This makes sense on the client side, it makes logging for bots much more involved though. There is no audit log entry on timeout expiry, and there's no event, so we basically have to track the timeouts manually like we did when we did it with roles. I wouldn't necessarily consider this a bug, but I would like this to be changed or rectified in some other manner.

Description

When utilizing allowed_mentions to prevent mentioning the replied user in a reply, you must also specify other allowed mentions.

Not sure if this is intentional design behavior, but it feels unintuitive to me.

Steps to Reproduce

POST a new message to a channel with a mention, with allowed_mentions: { replied_user: false } (it does not actually need to be a reply, also the replied_user key can be literally any other invalid key)

**Expected Behav...

I can reproduce this, with the added note that an empty allowed_mentions object behaves the same as a non-present one:

this behavior was discussed a lot when replies were released, iirc it's intentional

Setting a subcommand as the default when no subcommands are specified seems like an elegant solution. I love this idea.

yea I agree the current implementation doesn't allow for the best dev experience for those of you who want to be able to react to timeout expirations easily. Realistically based on what would be involved here and current priorities for the timeout feature, I am pretty sure support for this use case won't be offered any time soon, sorry :( but we'll note this as a use case that some devs want and consider this for the future

Yes can also confirm, this is not an issue caused by sub commands. You can not scroll through the commands list if you have started typing the command. It does work on mobile, just not on the desktop client.
Please fix! :)

Greetings, everyone. We just spent a bunch of time going through button possibilities and decided we are not going to add more button styles. In general, we think button styles should be tied to behavior, not the color itself. For example, green to indicate success, red to indicate danger, etc. We also want to ensure that the styles we add to our public API reflect the best practices that we use in the client (outline buttons, for example, can raise accessibility issues).

So despite bu...

Greetings, everyone. We just spent a bunch of time going through button possibilities and decided we are not going to add more button styles. In general, we think button styles should be tied to behavior, not the color itself. For example, green to indicate success, red to indicate danger, etc. We also want to ensure that the styles we add to our public API reflect the best practices that we use in the client (outline buttons, for example, can raise accessibility issues).

So despite bu...

Yeah, coming back to this now, I really only wanted another secondary button style as the primary feels so different.

Anyways, most of that desire I have realized could definitely be satisfied by future components

If you want to automatically change the bot's profile every month, for example, you can do it with PATCH users/@me.

This worked brilliantly until the application commands came along. This is because with these, the bot icon is not shown, but the application icon.
^ I therefore suggest 2 solutions:
1. Change it to show the bot icon
2. Enable application for bots
3. Other ?:?

What are the edge cases where locale is not provided? As far as I can see, it is always provided. The same for guild_locale it seems to be always en-US for non-community guilds.

Guild locale is missing iirc in DMs instead of being null.
But I'm not sure.

@Victorsitou that is answered in a note below the table

@advaith1 oh, I completely missed that, thanks!

I have an HTML page serving an .mp4 video, with the following head information:

When I send the link to the webpage through Discord, the video preview doesn't work, and I notice this failed request (blurred file name because it's irrelevant):

Am I doing something incorrectly, or is it just not functioning right?

It was working correctly with ima...

Any update on this? This is still a major pain point for all bot developers that switch to slash commands.

So locale is expected to always be present (except for PING interactions) and guild_locale for all interactions on a guild, right?

Description
I have a bot, that doesn't have a bot token (only http interactions). I set authorization method in its OAuth2 settings. But I don't see a Add to server button in my server

Steps to Reproduce

• have a bot without token
• set authorization method
• make it respond (or not respond) to command so we can see its profile
• see no button

Expected Behavior
there will be a button in profile that will add bot to server

Current Behavior
there is no ...

Have you tried it with the stable version?

This was noted by the Bots team in the Recent Developer Stage and it was noted that this is a known issue caused by profile loading glitches.

Have you tried it with the stable version?

No, but i will try it in web version

This was noted by the Bots team in the Recent Developer Stage that this is a known issue caused by profile loading glitches.

Oh, so i can close issue

wanted to note that "no bot account" is different from "http-only bot"; you can have a http-only bot that has a bot account and it should display the button

Talked to Minn, but as a quick update the PUT endpoint is idempotent, but the POST update isn't. After break is over I'll talk with the team about whether we'd like to change that behavior or not 👍

I think it would easiest to just go to the developer portal and change the bot icon manually,, I understand the point of having to do it automatically since it would be automatic and you can really forget doing it. But changing it manually will just take 30 seconds or 2 minutes in maximum.

wanted to note that "no bot account" is different from "http-only bot"; you can have a http-only bot that has a bot account and it should display the button

okay i ll note that, but i have no bot account

You're right, but when you want to change your avatar every day (for example xelA who changes it, doesn't have slash commands) nobody wants to do it manually.

I don't think Discord wants you to change your bot's avatar once every day, that falls under the definition of API abuse

I don't think Discord wants you to change your bot's avatar once every day, that falls under the definition of API abuse

I don't think the daily changing of the profile card has anything to do with the violation. Alternatively, just for those significant moments and stuff, a lot of times one forgets about it with a lot of obligations and it's a nice detail.

It definitely does fall under ''doing X every Y''

Hi, if I post a link of my website in Discord, it doesn't load the embedd (it works correctly with on other platforms).
It doesn't embed any of the links of my website https://wyld.moe or https://elry.moe What could be the problem?
All the options to embed links are enabled in Discord and the website metatags are correctly set with Open Graph.

Are you sure that the metatags corretly set?

Are you sure that the metatags corretly set?

Yes, due to them working on whatsapp.

this is probably due to your website
btw, your meta tags must look something like this

  <meta content="Title" property="og:title" />
  <meta content="Description" property="og:description" />
  <meta content="Title URL" property="og:url" />
  <meta content="Icon path" property="og:image" />

Buddy, they work on Whatsapp.
Here are they:
` <!-- WEBSITE TITLE & DESCRIPTION -->
<title>WYLD - You vs the Wild.</title>
<meta name="description" content="Gather Resources, Fight Wildlife and build a Home.">
<meta name="keywords" content="game, landing page, gaming, business, wild, wyld, steam">

<!-- OG meta tags that improve the look of your post on social media -->
<meta property="og:site_name" content="WYLD" /><!--website name-->
<meta property="og:si...

It definitely does fall under ''doing X every Y''

Doing change every day lol

So idk whats happening, but from me everything is set correctly.

Can you try my code?

Btw, whatsapp is not discord.

Your code is litterally in my code.
My other website has the Title tag and is not behaving any differently.

I replaced, Site_Name with Title, and nothing has changed.

https://stackoverflow.com/questions/54266598/meta-tags-for-url-with-description-and-image-in-skype-discord

https://stackoverflow.com/questions/54266598/meta-tags-for-url-with-description-and-image-in-skype-discord

All of the named og tags are properly set on both of my websites.

night listed a few cases that can make the embedding fail: https://github.com/discord/discord-api-docs/issues/4146#issuecomment-983105972

Notably, he linked https://ogp.me/ which says that 4 properties are required. None of your websites includes all required properties. I would first try to include all these properties.

Also, Discord can cache an old version of your OG tags. So when testing, be sure to include something like ?test=<random value> at the end of your URL to force Discor...

None of your websites includes all required properties. I would first try to include all these properties.

How much more do i have to say that EVERYTHING IS SET CORRECTLY, please guys.

When I posted my comment, the og:type wasn't set on any of your websites.

Do you have access to the logs of the webserver? If so, do you see a request coming from Discord when posting the link in a message? (the user agent will contain Discordbot/2.0 iirc).

There is no Discordbot/2.0

These webhook endpoints support X-Audit-Log-Reason header but wasn't documented. This pull request documents them.

You forgot to include the for each of the info notes.

- > This endpoint supports `X-Audit-Log-Reason` header.
+ > This endpoint supports the `X-Audit-Log-Reason` header.

You forgot to include the for each of the info notes.

- > This endpoint supports `X-Audit-Log-Reason` header.
+ > This endpoint supports the `X-Audit-Log-Reason` header.

Thanks, fixed.

I've forgot to mention it when initially making this post, but this had spontaneously come back into relevance whilst talking on Discord.

While the body of this issue has a far narrower scope than the title would imply, this actually does apply to more than just interactions, though with the direction Discord wants to steer developers, interactions are the most important, hence the initial message that spawned this discussion.

I wanted to list some examples of what can really only be de...

discord.js v13.4.0 and I'm also having the same issue.

Embed works properly, see below.

do you have the embed links permission?

Description

When a capital letter is typed while entering a ROLE or MENTIONABLE option type, the role autocomplete disappears, unless an @ was typed at the beginning of the option value. To select a role, you must either prefix it with @ or type its name all lowercase.

This issue is present on Desktop and iOS (idk about Android)

Steps to Reproduce

1. Have a slash command option with type ROLE or MENTIONABLE
2. Select the command and type a capital letter while sel...

seems to be a duplicate of #3286

i wouldnt say so since mine is for passing multiple values for one argument where as #3286 is about using one argument more than one times

The amount of stupid people here is insane...

For future visitors, what did you do to fix this? Was it the missing type tag?

For future visitors, what did you do to fix this? Was it the missing type tag?

Contact your Hoster, they blocked discords bot.

In Android if u don't use @ them there will be no autocomplete.

In Android if u don't use @ them there will be no autocomplete.

Just one style thing:

  "stickers": []

Description

Setting the flag SUPPRESS_JOIN_NOTIFICATION_REPLIES reference seems to no longer have any effect.

Steps to Reproduce

Set the flag value

Expected Behavior

I'm expecting sticker reply prompts on join messages to be suppressed.

Current Behavior

Sticker prompts are still there. This was not the case at some point in the past
(ie. This flag was working as ad...

try clearing your guild's settings (set flags to 0) and then setting the SUPPRESS_JOIN_NOTIFICATION_REPLIES flag.

i don't know if it's the same issue, but this same behaviour was caused by iirc broken state between internal API and guilds services a month or two ago

dupe of #4147

Description

When clicking on avatars of older messages of webhooks, the wrong profile is shown.

• Affected project: https://github.com/Half-Shot/matrix-appservice-discord/issues/757

Steps to Reproduce

1. Setup a bot which uses webhooks to send messages for different users. E.g. the matrix bridge using t2bot.io
2. Send messages from different users
3. when clicking on the profile pictur...

fwiw this behavior has always happened and been known, unfortunately it'll probably never change

https://github.com/discord/discord-api-docs/discussions/3447

wtf?

Bots could use the "Note" feature that normal users see on the profiles of other accounts for a mini-database of sorts, it just seems like a handy inbuilt way to store information about users

Discord isn't meant to be used as a database for bots, you can store whatever info you need on your own server

1 << 8

Currently, there is no easy way to determine when a member's timeout gets removed, as we only get a GUILD_MEMBER_UPDATE event for when the timeout is added. This is likely because the communication_disabled_until property never gets reset when this happens. I'd like to suggest a change in this behavior so that we can receive this event as that would open other possibilities for bot developers with this new feature.

https://github.com/discord/discord-api-docs/issues/4269#issuecomment-999705172

Ah I didn’t know this had already been reported. It’s quite annoying that this won’t happen soon since this forces us to keep legacy systems from when we used to mute people with roles like ckohen said, but I guess we’ll have to wait for that. Thanks!

https://github.com/discord/discord-api-docs/issues/4269#issuecomment-999705172

This page needs the communication_disabled_until audit log change key documented (which seems to have been missed from #4075).

This close #4284 adding the missing key in auditlogs

I have to get more info.

This PR adds documentation for the bio field, which is sent to bots on the /users/@me endpoint.

Are you sure this is sent? I'm not seeing it.

Wait I'm an idiot, one moment

Wait I'm an idiot, one moment

With proper OAauth2 this time, I'm still not seeing it w/ the identify scope

This only appears for using /users/@me with Authorization: Bot [TOKEN]

Imo this is useless to document

This only appears for using /users/@me with Authorization: Bot [TOKEN]

Imo this is useless to document

I think it should be documented as soon as it is sent to the bot

Well a field that's always going to be empty, and is unused in favor of a description field on the application seems a little redundant to document.

It's empty but you still receive it, therefore anyone looking at the docs should be able to know what is it for, we could specify it's unused for now or something, but if it's there then it should be documented

bots receive a lot of undocumented stuff, this isn't new behaviour

| bio?          | string    | the user's bio                                                                                       | identify              |

If your account gets "hacked" (= password compromised) and does not have 2FA enabled then the attacker can just simply activate 2FA with THEIR Authenticator app.

Adding a bot to bypass is not the threat. The "2FA requirement for mods" is only an incentive for people to activate it ahead of being compromised.

It would be nice to have slash commands splitted into categories in slash command list!
Like this:
I have 5 commands:

• Kick
• Ban
• Scream
• Info
• Ping

Instead of seeing the slash commands within 5 command, it would be nicer to see this in the slash list:
MODERATION
/kick
...
/ban
...
FUN
/scream
...
GENERAL
/info
...
/ping
...

Subcommands and Subcommand-Groups exist fyi.

OFC they are visually not separate
but i dont think this is a great idea.

splitting commads into categories would introduce more visual confusion, people are already having hard time understanding slash commands and how they work

It's a great idea maybe when it's exists a setting in the client for toggle this off.

It's a great idea maybe when it's exists a setting in the client for toggle this off.

Duplicate of https://github.com/discord/discord-api-docs/discussions/3349

As mentioned by staff countless times before, the docs are only meant for fields and routes which bots can use.
As long as bots can't access the bio field (which will probably never happen due to privacy concerns), this shouldn't be documented.

As mentioned by staff countless times before, the docs are only meant for fields and routes which bots can use. As long as bots can't access the bio field (which will probably never happen due to privacy concerns), this shouldn't be documented.

Bots do access the bio field, as mentioned in the PR description

getting an empty string is not the same as "accessing", and it isn't "the user's bio". also, saying that it's returned when authorized with the identify scope is just wrong.

there's no point in documenting this when it's only available as an empty string in one endpoint.

I honestly think they're useless...

Duplicate of https://github.com/discord/discord-api-docs/discussions/3349

What sort of strings can we expect to see as a locale? ISO 639? (I could probably test myself eventually, but having it in the documentation is better)

@A5rocks current locales of discord are:

de | German
en-GB | English, UK
en-US | English, US
es-ES | Spanish
fr | French
hr | Croatioan
it | Italian
lt | Lithuanian
hu | Hungarian
nl | Dutch
no | Norwegian
pl | Polish
pt-BR | Portuguese, Brazilian
ro | Romanian, Romania
fi | Finnish
sv-SE | Swedish
vi | Vietnamese
tr | Turkish
cs | Czech
el | Greek
bg | Bulgarian
ru | Russian
uk | Ukrainian
hi | Hindi
th | Thai
zh-CN | Chinese, China
ja | Japanese
zh-TW | Chinese...

Source of the locales posted by @Lulalaby: https://discord.com/developers/docs/dispatch/field-values#predefined-field-values-accepted-locales

Since its buried in the docs, I figured I'd post it here, however, we do not yet know if this is the complete list that the interaction locale will be using.

This list is what discord returns if you transmit a wrong localization 😅

At the very minimum, the default behavior should not be discarded when garbage properties are defined.

I think, with new discord update. Bots need a date selection for slash commands right?

This has already been confirmed as being on the roadmap.

https://gist.github.com/NovaFox161/74a92ca07353df67a7e73d8c80fbe8cc

Can someone tell me how to fix it since the trello board got deleted

Intro

I think guild_id should be present at-least in the following endpoints:

GET /channels/{channel.id}/messages
GET /channels/{channel.id}/messages/{message.id}

would be grateful if it is also added in
PATCH method too

Reason

when using these endpoints , there are 2 main params, ( channelId and messageId)

and the object that is returned on success ( taking Guild Text Channel as example ) is like this:

{
  id: Snowflake,
  type: 0,
  content: 'hello...

Hi,
My question is that why we cannot add more than 10 redirect uri in discord oauth2.
When I try to add eleventh redirect uri, it gives me an error which is given below:
"You provided an invalid redirect URI."
I don't know why?

this seems to be a bad error message, the actual error is "the list of redirect URLs cannot be longer than 10". consider using state key instead of adding many URLs as redirects, if possible

This has already been denied in the past: #912

This has already been denied in the past: #912

ok thx

ok thanks

Closes #1522

Closes #2102

Description

https://discord.com/developers/docs/resources/webhook#create-webhook describes restrictions for webhook names. It also links to https://discord.com/developers/docs/resources/user#usernames-and-nicknames for additional restrictions. When testing how exactly they apply I noticed that some of them don't actually hold true and some could use some clarification.

Steps to Reproduce

Create a webhook for a channel through the API. Execute the webhook to send a message, pr...

Is this a requirement in our API? As far as I'm aware, we accept those values and then flask modifies them inline. I don't think we need to document that

Talked with Minn in DAPI, going to look into whether we can convert the attachment:// filename as well, if it matches an uploaded file

| Field         | Type    | Description                                                                                         |
| ------------- | ------- | --------------------------------------------------------------------------------------------------- |
| value         | string  | value of input text component, will be an empty string if no value submitted                        |
| type\*        | integer | the [type](#DOCS_INTERACTIONS_MESSAGE_COMPONENTS/component-ob...

This has already been confirmed as being on the roadmap.

https://gist.github.com/NovaFox161/74a92ca07353df67a7e73d8c80fbe8cc

also this is a duplicate of #3303 (which should stay open until it's added)

• duplicate of #3303

Sorry, I didn't see

Thank you!

In the API Docs it says that Stage Discovery is not yet entered as "deprecated".

Alignment

| discoverable_disabled | boolean   | Whether or not Stage Discovery is disabled (deprecated)                                                       |

1. let's specify non-nullable type ?ISO8601 timestamp. I don't think null values are included as part of the change

2. would be good to keep description more consistent with surrounding description and maybe make the guild scope clear since we are just using 'user' -- maybe something like: "user guild timeout state changed" ? Also it's probably ok to not include the link to t...

Closes issue #2517

You should probably mention that these are anonymized

the widget members aren't actual user objects, they should be documented as a separate structure

I've never used notes on a serious level, but if I ever were to, I still would not see the benefit of it over your own database. Client enhancements such as these shouldn't be relied on for your bot's needs.

I feel like using the warning admonition would be better here instead of adding (deprecated) to the table contents. It's a better visual flair imo to informing the developer about an upcoming deprecated field.

I was about to create a PR about this after hours of crying and frustration over the flags not changing when I saw this opened. Is there a follow-up on the merging status for this?

Do the deaf and mute fields actually appear in any sense (as in existing but given null values) or do not return from the API schema at all?

These fields only appear to be present via the REST API, being sent via Voice state update events over ws, to further the point

It may be worth adding a note admonition clarifying this

I feel like using the warning admonition would be better here instead of adding (deprecated) to the table contents. It's a better visual flair imo to informing the developer about an upcoming deprecated field.

I think (deprecated) is enough.

Three new permission bits have been added, `CREATE_PUBLIC_THREADS`, `CREATE_PRIVATE_THREADS`, and `SEND_MESSAGES_IN_THREADS`.

> note
> `SEND_MESSAGES` has no effect in threads; users must have `SEND_MESSAGES_IN_THREADS` to talk in a thread.

This respects the usage of the note admonition seen across the documentation

This feature has been out for a little while now AFAIK, is the new information about the banner field in the Guild object still relevant?

> The fields `id`, `discriminator` and `avatar` are anonymized to prevent abuse.

(This issue is a copy of the pre-existing GameSDK issue located here)

Description

Attempting to call IDiscordImageManager::fetch will always return an DiscordResult_InternalError via callback. We then can't run get_dimensions or get_data, as these return DiscordResult_NotFetched.

Steps to Reproduce

Minimal reproduction project:

#include "discord_game_sdk.h"

#include 
#include 

void fetch_callback...

03b60d1 Document limit max value for GET event users - hemu

743cd23 Document max value for GET event users limit pa... - hemu

Hello, i need help.
I test this api https://discord.com/developers/docs/resources/application using API link:
https://discordapp.com/api/applications/905544503258120272 (905544503258120272 is my bot id)

however, the api gives me the following error message:
{"message": "Bots cannot use this endpoint", "code": 20001}

when I do an
Authorization: Bot

I try to find out how to use this API, however, no postman doc or even some github can help me.

Would you help m...

Only users can manage applications

Are you looking for Get Current Bot Application Information? That would be a GET request to https://discord.com/api/v9/oauth2/applications/@me with your authorization header.

This could probably be closed since well you cant lurk public stages anymore

I opened a pull request yesterday regarding Stage Discovery https://github.com/discord/discord-api-docs/pull/4296 btw

Hello,
How do then Top.gg to display:

• Description (bio) of the bot
• Bot's avatar
• Calculate the number of servers the bot is on

it fetches the first two with /users/:id with the bot user id, and it doesn't calculate the number of servers; the bot gets its own server count from its guild cache and posts it to the bot list with the list's API.

there is /applications/:id/rpc but it's unfortunately undocumented and not supported for bots, and it doesn't return owner or server count

feature request for a supported get application endpoint that does return that data:

• https://github.com/discord/discord-api-docs/disc...

it fetches the first two with /users/:id with the bot user id, and it doesn't calculate the number of servers; the bot gets its own server count from its guild cache and posts it to the bot list with the list's API.

there is /applications/:id/rpc but it's unfortunately undocumented and not supported for bots, and it doesn't return owner or server count

feature request for a supported get application endpoint that does return that data:

• [[Feature Request] Endpoint to f...

👍🏼

Ok based in @hemu feedback i make the changes for format and object type (i need learn how to use table in markdown because in vscode the format is the worst)

Seems like the mail didn't worked.
Alt + Z should help you in vsc

I feel like using the warning admonition would be better here instead of adding (deprecated) to the table contents. It's a better visual flair imo to informing the developer about an upcoming deprecated field.

I thought about it again, it would not be a bad idea after all

i would just put "deprecated" in the description and nothing more.

| PUBLIC     | 1     | The Stage instance is visible publicly. (deprecated)                |

Might want to add a (deprecated) here aswell since public stages dont work anymore.

but there is still the activity iirc

Yes it still shows in the users presence, but thats a bug, the idea of a stage being "public" was you can join it without being a member, this behavior is gone so realistically its deprecated

ah, kk.

The ? is missing

| communication_disabled_until | [member](#DOCS_RESOURCES_GUILD/guild-member-object) | ?ISO8601 timestamp | member timeout state changed |

i test and never get a null when remove the timeout, and based in hemu the nullable are specify in change

@devsnek This has also been changed, this behavior has disappeared, so realistic it's outdated.

Is there an update on this? I would really appreciate this feature. IP-Whitelisting would make the bot a lot less vulnerable.

Description
Public threads which are created on a message have the same id as the message. This leads to the issue of the not being able to calculate an accurate creation time for the thread and instead having to rely on other methods to obtain this, which aren't always viable or as accurate such as fetching audit logs or the first message in the thread.

Steps to Reproduce

• Create a new public thread on a message.
• Observe the id of the thread and the id of the message.

**E...

The thread ID matching the message ID is a deliberate decision and how we look up the thread belonging to a message. This won't change.

Could a valid creation timestamp be added to the thread payload?
On former channel types, we can easily destructure it from the snowflake but here this isn't possible for threads. Some way to get the point of creation and by extension age of the channel would be highly appreciated.