Audit Logs Resource
When an administrative action is performed in a guild, an entry is added to its audit log. Viewing audit logs requires the VIEW_AUDIT_LOG permission and can be fetched using the Get Guild Audit Log endpoint. All audit log entries are stored for 45 days.
Audit Reason
When performing an eligible action using the API, users can pass an X-Audit-Log-Reason header to indicate why the action was taken. More information is in the audit log entry section.
Audit Log Object
Audit Log Structure
| Field | Type | Description |
|---|---|---|
| audit_log_entries | array[audit log entry object] | Audit log entries |
| application_commands | array[application command object] | Application commands referenced in the audit log |
| auto_moderation_rules | array[automod rule object] | AutoMod rules referenced in the audit log |
| guild_scheduled_events | array[guild scheduled event object] | Guild scheduled events referenced in the audit log |
| integrations | array[partial integration object] | Partial integrations referenced in the audit log |
| threads 1 | array[thread-specific channel object] | Threads referenced in the audit log |
| users | array[user object] | Users referenced in the audit log |
| webhooks | array[webhook object] | Webhooks referenced in the audit log |
1 Threads referenced in THREAD_CREATE and THREAD_UPDATE events are included in the threads map, since archived threads might not be kept in memory by clients.
Audit Log Entry Object
Each audit log entry represents a single administrative action (or event), indicated by action_type. Most entries contain one to many changes in the changes array that affected an entity in Discord—whether that's a user, channel, guild, emoji, or something else.
The information (and structure) of an entry's changes will be different depending on its type. For example, in MEMBER_ROLE_UPDATE events there is only one change: a member is either added or removed from a specific role. However, in CHANNEL_CREATE events there are many changes, including (but not limited to) the channel's name, type, and permission overwrites added. More details are in the change object section.
Users can specify why an administrative action is being taken by passing an X-Audit-Log-Reason request header, which will be stored as the audit log entry's reason field. The X-Audit-Log-Reason header supports up to 512 URL-encoded UTF-8 characters. Reasons are visible in the client and when fetching audit log entries with the API.
Audit Log Entry Structure
| Field | Type | Description |
|---|---|---|
| target_id | ?string | ID of the affected entity (webhook, user, role, etc.) |
| changes? | array[audit log change object] | Changes made to the `target_id`` |
| user_id | ?snowflake | The user who made the changes |
| id | snowflake | The ID of the entry |
| action_type | integer | The type of action that occurred |
| options? | optional audit entry info | Additional info for certain action types |
| reason? | string | The reason for the change (max 512 characters) |
Audit Log Events
The table below lists audit log events and values (the action_type field) that you may receive.
The Object Changed column notes which object's values may be included in the entry. Though there are exceptions, possible keys in the changes array typically correspond to the object's fields. The descriptions and types for those fields can be found in the linked documentation for the object.
If no object is noted, there won't be a changes array in the entry, though other fields like the target_id still exist and many have fields in the options array.
| Event | Value | Description | Object Changed |
|---|---|---|---|
| GUILD_UPDATE | 1 | Guild settings were updated | Guild |
| CHANNEL_CREATE | 10 | Channel was created | Channel |
| CHANNEL_UPDATE | 11 | Channel settings were updated | Channel |
| CHANNEL_DELETE | 12 | Channel was deleted | Channel |
| CHANNEL_OVERWRITE_CREATE | 13 | Permission overwrite was added to a channel | Channel Overwrite |
| CHANNEL_OVERWRITE_UPDATE | 14 | Permission overwrite was updated for a channel | Channel Overwrite |
| CHANNEL_OVERWRITE_DELETE | 15 | Permission overwrite was deleted from a channel | Channel Overwrite |
| MEMBER_KICK | 20 | Member was removed from guild | |
| MEMBER_PRUNE | 21 | Members were pruned from guild | |
| MEMBER_BAN_ADD | 22 | Member was banned from guild | |
| MEMBER_BAN_REMOVE | 23 | Member was unbanned from guild | |
| MEMBER_UPDATE | 24 | Member was updated in guild | Member |
| MEMBER_ROLE_UPDATE | 25 | Member was added or removed from a role | Partial Role 1 |
| MEMBER_MOVE | 26 | Member was moved to a different voice channel | |
| MEMBER_DISCONNECT | 27 | Member was disconnected from a voice channel | |
| BOT_ADD | 28 | Bot user was added to guild | |
| ROLE_CREATE | 30 | Role was created | Role |
| ROLE_UPDATE | 31 | Role was edited | Role |
| ROLE_DELETE | 32 | Role was deleted | Role |
| INVITE_CREATE | 40 | Guild invite was created | Invite and Invite Metadata 1 |
| INVITE_UPDATE | 41 | Guild invite was updated | Invite and Invite Metadata 1 |
| INVITE_DELETE | 42 | Guild invite was deleted | Invite and Invite Metadata 1 |
| WEBHOOK_CREATE | 50 | Webhook was created | Webhook 1 |
| WEBHOOK_UPDATE | 51 | Webhook properties or channel were updated | Webhook 1 |
| WEBHOOK_DELETE | 52 | Webhook was deleted | Webhook 1 |
| EMOJI_CREATE | 60 | Emoji was created | Emoji |
| EMOJI_UPDATE | 61 | Emoji name was updated | Emoji |
| EMOJI_DELETE | 62 | Emoji was deleted | Emoji |
| MESSAGE_DELETE | 72 | Single message was deleted | |
| MESSAGE_BULK_DELETE | 73 | Multiple messages were deleted | |
| MESSAGE_PIN | 74 | Message was pinned to a channel | |
| MESSAGE_UNPIN | 75 | Message was unpinned from a channel | |
| INTEGRATION_CREATE | 80 | Integration was added to guild | Integration |
| INTEGRATION_UPDATE | 81 | Integration was updated (e.g. its scopes were updated) | Integration |
| INTEGRATION_DELETE | 82 | Integration was removed from guild | Integration |
| STAGE_INSTANCE_CREATE | 83 | Stage instance was created (stage channel becomes live) | Stage Instance |
| STAGE_INSTANCE_UPDATE | 84 | Stage instance details were updated | Stage Instance |
| STAGE_INSTANCE_DELETE | 85 | Stage instance was deleted (stage channel no longer live) | Stage Instance |
| STICKER_CREATE | 90 | Sticker was created | Sticker |
| STICKER_UPDATE | 91 | Sticker details were updated | Sticker |
| STICKER_DELETE | 92 | Sticker was deleted | Sticker |
| GUILD_SCHEDULED_EVENT_CREATE | 100 | Event was created | Guild Scheduled Event |
| GUILD_SCHEDULED_EVENT_UPDATE | 101 | Event was updated | Guild Scheduled Event |
| GUILD_SCHEDULED_EVENT_DELETE | 102 | Event was cancelled | Guild Scheduled Event |
| THREAD_CREATE | 110 | Thread was created in a channel | Thread |
| THREAD_UPDATE | 111 | Thread was updated | Thread |
| THREAD_DELETE | 112 | Thread was deleted | Thread |
| APPLICATION_COMMAND_PERMISSION_UPDATE | 121 | Permissions were updated for a command | Application Command Permission 1 |
| AUTO_MODERATION_RULE_CREATE | 140 | AutoMod rule was created | AutoMod Rule |
| AUTO_MODERATION_RULE_UPDATE | 141 | AutoMod rule was updated | AutoMod Rule |
| AUTO_MODERATION_RULE_DELETE | 142 | AutoMod rule was deleted | AutoMod Rule |
| AUTO_MODERATION_BLOCK_MESSAGE | 143 | Message was blocked by AutoMod | |
| AUTO_MODERATION_FLAG_TO_CHANNEL | 144 | Message was flagged by AutoMod | |
| AUTO_MODERATION_USER_COMMUNICATION_DISABLED | 145 | Member was timed out by AutoMod | |
| AUTO_MODERATION_QUARANTINE_USER | 146 | Member was quarantined by AutoMod | |
| CREATOR_MONETIZATION_REQUEST_CREATED | 150 | Creator monetization request was created | |
| CREATOR_MONETIZATION_TERMS_ACCEPTED | 151 | Creator monetization terms were accepted | |
| ONBOARDING_PROMPT_CREATE | 163 | Onboarding prompt was created | Onboarding Prompt |
| ONBOARDING_PROMPT_UPDATE | 164 | Onboarding prompt was updated | Onboarding Prompt |
| ONBOARDING_PROMPT_DELETE | 165 | Onboarding prompt was deleted | Onboarding Prompt |
| ONBOARDING_CREATE | 166 | Onboarding was created | Onboarding |
| ONBOARDING_UPDATE | 167 | Onboarding was updated | Onboarding |
| VOICE_CHANNEL_STATUS_UPDATE | 192 | Voice channel status was updated | Channel |
| VOICE_CHANNEL_STATUS_DELETE | 193 | Voice channel status was deleted | Channel |
1 Object has exception(s) to available keys. See the exceptions section below for details.
Optional Audit Entry Info
| Field | Type | Description | Action Type |
|---|---|---|---|
| application_id? | snowflake | The ID of the application whose permissions were targeted | APPLICATION_COMMAND_PERMISSION_UPDATE |
| auto_moderation_rule_name? | string | The name of the AutoMod rule that was triggered | AUTO_MODERATION_BLOCK_MESSAGE, AUTO_MODERATION_FLAG_TO_CHANNEL, AUTO_MODERATION_USER_COMMUNICATION_DISABLED, AUTO_MODERATION_QUARANTINE_USER |
| auto_moderation_rule_trigger_type? | string | The trigger type of the AutoMod rule that was triggered | AUTO_MODERATION_BLOCK_MESSAGE, AUTO_MODERATION_FLAG_TO_CHANNEL, AUTO_MODERATION_USER_COMMUNICATION_DISABLED, AUTO_MODERATION_QUARANTINE_USER |
| channel_id? | snowflake | The channel in which the entities were targeted | MEMBER_MOVE, MESSAGE_PIN, MESSAGE_UNPIN, MESSAGE_DELETE, STAGE_INSTANCE_CREATE, STAGE_INSTANCE_UPDATE, STAGE_INSTANCE_DELETE |
| count? | string | Number of entities that were targeted | MESSAGE_DELETE, MESSAGE_BULK_DELETE, MEMBER_DISCONNECT, MEMBER_MOVE |
| delete_member_days? | string | Number of days after which inactive members were kicked | MEMBER_PRUNE |
| id? | snowflake | The ID of the overwritten entity | CHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE |
| integration_type? | string | The type of integration which performed the action | MEMBER_KICK, MEMBER_ROLE_UPDATE |
| members_removed? | string | Number of members removed by the prune | MEMBER_PRUNE |
| message_id? | snowflake | The ID of the message that was targeted | MESSAGE_PIN, MESSAGE_UNPIN |
| role_name? | string | The name of the role (only present if type is "0") | CHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE |
| type? 1 | string | The type of overwritten entity | CHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE |
| status | string | The new status of the voice channel | VOICE_CHANNEL_STATUS_UPDATE |
1 Due to technical limitations, this field is always serialized as a string, not an integer.
Audit Log Change Object
Many audit log events include a changes array in their entry object. The structure for the individual changes varies based on the event type and its changed objects, so apps shouldn't depend on a single pattern of handling audit log events.
Audit Log Change Structure
Some events don't follow the same pattern as other audit log events. Details about these exceptions are explained in the next section.
| Field | Type | Description |
|---|---|---|
| new_value? | mixed (matches object field's type) | New value of the key |
| old_value? | mixed (matches object field's type) | Old value of the key |
| key | string | Name of the changed entity, with a few exceptions |
Audit Log Change Exceptions
For most objects, the change keys may be any field on the changed object. The following table details the exceptions to this pattern.
| Object Changed | Change Key Exceptions | Change Object Exceptions |
|---|---|---|
| AutoMod Rule | $add_keyword_filter, $remove_keyword_filter, $add_regex_patterns, $remove_regex_patterns, $add_allow_list, $remove_allow_list as keys | new_value and old_value are arrays of strings representing the keywords, regex patterns, or allow list items that were added or removed |
| Application Command Permission | A snowflake is used as the key | The changes array contains objects with a key field representing the entity whose command was affected (role, channel, or user ID), a previous permissions object (with an old_value key), and an updated permissions object (with a new_value key) |
| Guild Member | Additional bypasses_verification key (instead of object's flags) | new_value and old_value are booleans representing whether the member bypasses verification |
| Invite and Invite Metadata | Additional channel_id and inviter_id keys (instead of object's channel.id and inviter.id) | |
| Partial Role | $add and $remove as keys | new_value is an array of objects that contain the role id and name |
Partial Integration Object
Partial Integration Structure
| Field | Type | Description |
|---|---|---|
| id | snowflake | The ID of the integration |
| name | string | The name of the integration |
| type | string | The type of integration |
| account | account object | The integration's account information |
| application_id? | snowflake | The OAuth2 application for Discord integrations |
Example Partial Integration
Partial Role Object
Partial Role Structure
| Field | Type | Description |
|---|---|---|
| id | snowflake | The ID of the role |
| name | string | The name of the role |
Example Partial Role
Endpoints
Get Guild Audit Log
GET/guilds/{guild.id}/audit-logsReturns an audit log object for the guild. Requires the 'VIEW_AUDIT_LOG' permission.
Query String Params
| Field | Type | Description |
|---|---|---|
| before? | snowflake | Get entries before this entry ID |
| after? | snowflake | Get entries after this entry ID |
| limit? | integer | Max number of entries to return (1-100, default 50) |
| user_id? | snowflake | Get actions made by a specific user |
| action_type? | integer | The type of audit log event to filter by |