Skip to main content
When an administrative action is performed in a guild, an entry is added to its audit log. Viewing audit logs requires the VIEW_AUDIT_LOG permission. All audit log entries are stored for 45 days. When an app performs an eligible action, it can pass an X-Audit-Log-Reason header to indicate why the action was taken.

Audit log object

Audit log structure

application_commands
array of application command objects
required
List of application commands referenced in the audit log.
audit_log_entries
array of audit log entry objects
required
List of audit log entries, sorted from most to least recent.
auto_moderation_rules
array of auto moderation rule objects
required
List of auto moderation rules referenced in the audit log.
guild_scheduled_events
array of guild scheduled event objects
required
List of guild scheduled events referenced in the audit log.
integrations
array of partial integration objects
required
List of partial integration objects.
threads
array of channel objects
required
List of threads referenced in the audit log. Threads referenced in THREAD_CREATE and THREAD_UPDATE events are included since archived threads might not be kept in memory by clients.
users
array of user objects
required
List of users referenced in the audit log.
webhooks
array of webhook objects
required
List of webhooks referenced in the audit log.

Partial integration object example

{
  "id": "33590653072239123",
  "name": "A Name",
  "type": "twitch",
  "account": {
    "name": "twitchusername",
    "id": "1234567"
  },
  "application_id": "94651234501213162"
}

Audit log entry object

Each audit log entry represents a single administrative action indicated by action_type. Most entries contain changes in the changes array that affected an entity in Discord. Apps can specify why an administrative action is being taken by passing an X-Audit-Log-Reason request header. The header supports 1–512 URL-encoded UTF-8 characters. Reasons are visible to users in the client and to apps when fetching audit log entries.

Audit log entry structure

target_id
?string
required
ID of the affected entity (webhook, user, role, etc.).
changes
array of audit log change objects
Changes made to the target_id. Optional field.
user_id
?snowflake
required
User or app that made the changes.
id
snowflake
required
ID of the entry.
action_type
integer
required
Type of action that occurred. See audit log events.
options
optional audit entry info object
Additional info for certain event types. Optional field.
reason
string
Reason for the change (1–512 characters). Optional field.
For APPLICATION_COMMAND_PERMISSION_UPDATE events, the target_id is the command ID or the app ID, since the changes array represents the entire permissions property on the guild permissions object.

Audit log events

The table below lists all audit log events and their action_type values.
You should assume that your app may encounter any field for the changed object, though none are guaranteed to be present. In most cases only a subset of the object’s fields will be in the changes array.
EventValueDescriptionObject changed
GUILD_UPDATE1Server settings were updatedGuild
CHANNEL_CREATE10Channel was createdChannel
CHANNEL_UPDATE11Channel settings were updatedChannel
CHANNEL_DELETE12Channel was deletedChannel
CHANNEL_OVERWRITE_CREATE13Permission overwrite was added to a channelChannel Overwrite
CHANNEL_OVERWRITE_UPDATE14Permission overwrite was updated for a channelChannel Overwrite
CHANNEL_OVERWRITE_DELETE15Permission overwrite was deleted from a channelChannel Overwrite
MEMBER_KICK20Member was removed from server
MEMBER_PRUNE21Members were pruned from server
MEMBER_BAN_ADD22Member was banned from server
MEMBER_BAN_REMOVE23Server ban was lifted for a member
MEMBER_UPDATE24Member was updated in serverMember
MEMBER_ROLE_UPDATE25Member was added or removed from a rolePartial Role
MEMBER_MOVE26Member was moved to a different voice channel
MEMBER_DISCONNECT27Member was disconnected from a voice channel
BOT_ADD28Bot user was added to server
ROLE_CREATE30Role was createdRole
ROLE_UPDATE31Role was editedRole
ROLE_DELETE32Role was deletedRole
INVITE_CREATE40Server invite was createdInvite and Invite Metadata
INVITE_UPDATE41Server invite was updatedInvite and Invite Metadata
INVITE_DELETE42Server invite was deletedInvite and Invite Metadata
WEBHOOK_CREATE50Webhook was createdWebhook
WEBHOOK_UPDATE51Webhook properties or channel were updatedWebhook
WEBHOOK_DELETE52Webhook was deletedWebhook
EMOJI_CREATE60Emoji was createdEmoji
EMOJI_UPDATE61Emoji name was updatedEmoji
EMOJI_DELETE62Emoji was deletedEmoji
MESSAGE_DELETE72Single message was deleted
MESSAGE_BULK_DELETE73Multiple messages were deleted
MESSAGE_PIN74Message was pinned to a channel
MESSAGE_UNPIN75Message was unpinned from a channel
INTEGRATION_CREATE80App was added to serverIntegration
INTEGRATION_UPDATE81App was updatedIntegration
INTEGRATION_DELETE82App was removed from serverIntegration
STAGE_INSTANCE_CREATE83Stage instance was createdStage Instance
STAGE_INSTANCE_UPDATE84Stage instance details were updatedStage Instance
STAGE_INSTANCE_DELETE85Stage instance was deletedStage Instance
STICKER_CREATE90Sticker was createdSticker
STICKER_UPDATE91Sticker details were updatedSticker
STICKER_DELETE92Sticker was deletedSticker
GUILD_SCHEDULED_EVENT_CREATE100Event was createdGuild Scheduled Event
GUILD_SCHEDULED_EVENT_UPDATE101Event was updatedGuild Scheduled Event
GUILD_SCHEDULED_EVENT_DELETE102Event was cancelledGuild Scheduled Event
THREAD_CREATE110Thread was created in a channelThread
THREAD_UPDATE111Thread was updatedThread
THREAD_DELETE112Thread was deletedThread
APPLICATION_COMMAND_PERMISSION_UPDATE121Permissions were updated for a commandCommand Permission
SOUNDBOARD_SOUND_CREATE130Soundboard sound was createdSoundboard Sound
SOUNDBOARD_SOUND_UPDATE131Soundboard sound was updatedSoundboard Sound
SOUNDBOARD_SOUND_DELETE132Soundboard sound was deletedSoundboard Sound
AUTO_MODERATION_RULE_CREATE140Auto Moderation rule was createdAuto Moderation Rule
AUTO_MODERATION_RULE_UPDATE141Auto Moderation rule was updatedAuto Moderation Rule
AUTO_MODERATION_RULE_DELETE142Auto Moderation rule was deletedAuto Moderation Rule
AUTO_MODERATION_BLOCK_MESSAGE143Message was blocked by Auto Moderation
AUTO_MODERATION_FLAG_TO_CHANNEL144Message was flagged by Auto Moderation
AUTO_MODERATION_USER_COMMUNICATION_DISABLED145Member was timed out by Auto Moderation
AUTO_MODERATION_QUARANTINE_USER146Member was quarantined by Auto Moderation
CREATOR_MONETIZATION_REQUEST_CREATED150Creator monetization request was created
CREATOR_MONETIZATION_TERMS_ACCEPTED151Creator monetization terms were accepted
ONBOARDING_PROMPT_CREATE163Guild Onboarding Question was createdOnboarding Prompt
ONBOARDING_PROMPT_UPDATE164Guild Onboarding Question was updatedOnboarding Prompt
ONBOARDING_PROMPT_DELETE165Guild Onboarding Question was deletedOnboarding Prompt
ONBOARDING_CREATE166Guild Onboarding was createdGuild Onboarding
ONBOARDING_UPDATE167Guild Onboarding was updatedGuild Onboarding
HOME_SETTINGS_CREATE190Guild Server Guide was created
HOME_SETTINGS_UPDATE191Guild Server Guide was updated

Optional audit entry info

FieldTypeDescriptionEvent types
application_idsnowflakeID of the app whose permissions were targetedAPPLICATION_COMMAND_PERMISSION_UPDATE
auto_moderation_rule_namestringName of the Auto Moderation rule that was triggeredAUTO_MODERATION_BLOCK_MESSAGE, AUTO_MODERATION_FLAG_TO_CHANNEL, AUTO_MODERATION_USER_COMMUNICATION_DISABLED, AUTO_MODERATION_QUARANTINE_USER
auto_moderation_rule_trigger_typestringTrigger type of the Auto Moderation rule that was triggeredAUTO_MODERATION_BLOCK_MESSAGE, AUTO_MODERATION_FLAG_TO_CHANNEL, AUTO_MODERATION_USER_COMMUNICATION_DISABLED, AUTO_MODERATION_QUARANTINE_USER
channel_idsnowflakeChannel in which the entities were targetedMEMBER_MOVE, MESSAGE_PIN, MESSAGE_UNPIN, MESSAGE_DELETE, STAGE_INSTANCE_CREATE, STAGE_INSTANCE_UPDATE, STAGE_INSTANCE_DELETE, AUTO_MODERATION_BLOCK_MESSAGE, AUTO_MODERATION_FLAG_TO_CHANNEL, AUTO_MODERATION_USER_COMMUNICATION_DISABLED, AUTO_MODERATION_QUARANTINE_USER
countstringNumber of entities that were targetedMESSAGE_DELETE, MESSAGE_BULK_DELETE, MEMBER_DISCONNECT, MEMBER_MOVE
delete_member_daysstringNumber of days after which inactive members were kickedMEMBER_PRUNE
idsnowflakeID of the overwritten entityCHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE
members_removedstringNumber of members removed by the pruneMEMBER_PRUNE
message_idsnowflakeID of the message that was targetedMESSAGE_PIN, MESSAGE_UNPIN
role_namestringName of the role if type is "0" (not present if type is "1")CHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE
typestringType of overwritten entity — role ("0") or member ("1")CHANNEL_OVERWRITE_CREATE, CHANNEL_OVERWRITE_UPDATE, CHANNEL_OVERWRITE_DELETE
integration_typestringThe type of integration which performed the actionMEMBER_KICK, MEMBER_ROLE_UPDATE

Audit log change object

Many audit log events include a changes array in their entry object. The structure of individual changes varies based on the event type.
If new_value is not present while old_value is, the property has been reset or set to null. If old_value is not included, the property was previously null.

Audit log change structure

new_value
mixed
New value of the key. Type matches the object field’s type. Optional field.
old_value
mixed
Old value of the key. Type matches the object field’s type. Optional field.
key
string
required
Name of the changed entity, with a few exceptions.

Audit log change exceptions

For most objects, the change keys correspond to the changed object’s fields. The following table details exceptions.
Object changedChange key exceptionsChange object exceptions
Command PermissionSnowflake as keyThe changes array contains objects with a key field representing the entity whose command was affected (role, channel, or user ID), a previous permissions object (old_value), and an updated permissions object (new_value)
Invite and Invite MetadataAdditional channel_id key (instead of channel.id)
Partial Role$add and $remove as keysnew_value is an array of objects containing the role id and name
Webhookavatar_hash key (instead of avatar)

Get guild audit log

GET /guilds/{guild.id}/audit-logs
Returns an audit log object for the guild. Requires the VIEW_AUDIT_LOG permission. The returned list of audit log entries is ordered based on whether you use before or after:
  • before: List is ordered by entry ID descending (newer entries first).
  • after: List is reversed and appears in ascending order (older entries first).
  • Neither: Defaults to before the current timestamp, showing the most recent entries in descending order. Use after=0 to show the oldest entries instead.

Query string params

user_id
snowflake
Filter entries to a specific user ID.
action_type
integer
Filter entries for a specific audit log event.
before
snowflake
Entries with ID less than a specific audit log entry ID.
after
snowflake
Entries with ID greater than a specific audit log entry ID.
limit
integer
default:"50"
Maximum number of entries to return (1–100).