Skip to main content
Webhook events are one-way events sent to your app over HTTP to notify you when an event occurred. Unlike events that are sent over Gateway connections, events sent over webhooks are not realtime or guaranteed to be in order. While incoming webhooks are triggered by an external service, webhook events (i.e. outgoing webhooks) are triggered by events happening in Discord. This means your app will need to set up a public URL where you can receive HTTP events, which is detailed in the preparing for events section.

Subscribing to Events

To configure webhook events, you’ll need to configure your URL and select the events you want your app to receive.
The steps below walk through subscribing using the developer portal. If you prefer to use the API, you can call Edit Current Application.
In your app’s settings, navigate to the Webhooks page from the left-hand sidebar then complete the following:
  1. Under Endpoint, add a public URL that is set up to receive and acknowledge webhook events. Details about setting up a Webhook Events URL is in the preparing for events section.
  2. Enable Events by clicking the toggle in the Events section.
  3. Select the webhook events you want your app to receive.
  4. Click Save Changes.
If your URL is successfully verified, your app should begin receiving the events you selected.

Preparing for Events

To receive webhook events, you’ll need to configure your app’s Webhook Event URL in your app’s settings.

Configuring a Webhook Events URL

A Webhook Events URL is a public endpoint for your app where Discord can send your app HTTP-based events. If your app is using Gateway events, you don’t need to configure a Webhook Events URL.

Setting Up an Endpoint

Before you can add a Webhook Events URL to your app, your endpoint must be prepared for two things ahead of time:
  1. Acknowledging PING events from Discord
  2. Validate security-related request headers (X-Signature-Ed25519 and X-Signature-Timestamp)
If either of these are not complete, your Webhook Events URL will not be validated. Details on acknowledging PING events and validating security-related headers are below.
Acknowledging PING requests
When adding your Webhook Events URL, Discord will send a POST request with a PING payload with a type: 0 to your endpoint. Your app is expected to acknowledge the request by returning a 204 response with an empty body.
You must provide a valid Content-Type when responding to PINGs. See here for further information.
To properly acknowledge a PING payload, return a 204 response with no body:
Validating Security Request Headers
To receive events via HTTP, there are some security steps you must take before your app is eligible to receive requests. Each webhook is sent with the following headers:
  • X-Signature-Ed25519 as a signature
  • X-Signature-Timestamp as a timestamp
Using your favorite security library, you must validate the request each time you receive an event. If the signature fails validation, your app should respond with a 401 error code. Code examples of validating security headers is in the Interactions documentation. In addition to ensuring your app validates security-related request headers at the time of saving your endpoint, Discord will also perform automated, routine security checks against your endpoint, including purposefully sending you invalid signatures. If you fail the validation, we will remove your Webhook Events URL and alert you via email and System DM. We recommend checking out our Community Resources and the libraries found there.

Adding an Webhook Events Endpoint URL

After you have a public endpoint to use as your app’s Event Webhooks URL, you can add it to your app by going to your app’s settings. On the Webhooks page, look for the Endpoint URL field. Paste your public URL that is set up to acknowledge PING messages and correctly handles security-related signature headers. After you configure your Webhook Events URL, you can enable and subscribe to events on the same page.

Responding to Events

When your Webhook Event URL receives a webhook event, your app should respond with a 204 status code with no body within 3 seconds to acknowledge that your app successfully received it. If your app doesn’t respond to the webhook event, Discord will retry sending it several times using exponential backoff for up to 10 minutes. If your app fails to respond too often, Discord will stop sending you webhook events and notify you via email.

Webhook Event Payloads

Webhook events are wrapped in an outer payload, with an inner event object.

Payload Structure

Structure of the outer webhook payload

Webhook Types

Event Body Object

The event body contains high-level data about the event, like the type and time it was triggered. The inner data object contains information specific to the event type.

Event Types

The table below includes the different webhook event types your app can subscribe to. The “Value” column corresponds to the event’s type field value in the event body object.

Application Authorized

APPLICATION_AUTHORIZED is sent when the app is added to a server or user account.
Application Authorized Structure
Application Authorized Example

Application Deauthorized

APPLICATION_DEAUTHORIZED is sent when the app is deauthorized by a user.
Application Deauthorized Structure
Application Deauthorized Example
Discord Social SDK
For Discord Social SDK apps, APPLICATION_DEAUTHORIZED is the only out-of-game signal that a user’s link state has changed. Listening for it is required to keep your application state in sync — if you miss the webhook, the next token use will fail and the game should fall back to the provisional account flow. Every revocation that fires this event is mechanically an unmerge — the merged Discord account reverts to a new provisional account, and the OAuth2 tokens for the Discord user become invalid. The triggers include:

Entitlement Create

ENTITLEMENT_CREATE is sent when an entitlement is created when a user purchases or is otherwise granted one of your app’s SKUs. Refer to the Monetization documentation for details.
Entitlement Create Structure
The inner payload is an entitlement object.
Entitlement Create Example

Entitlement Update

ENTITLEMENT_UPDATE is sent when an entitlement is updated. Refer to the Monetization documentation for details.
Entitlement Update Structure
The inner payload is an entitlement object.
Entitlement Update Example

Entitlement Delete

ENTITLEMENT_DELETE is sent when an entitlement is deleted. Refer to the Monetization documentation for details.
Entitlement Delete Structure
The inner payload is an entitlement object.
Entitlement Delete Example

Quest User Enrollment

This event cannot be received by apps at this time. It’s documented because it appears on the Webhooks settings page.
QUEST_USER_ENROLLMENT is sent when a user is added to a Quest on Discord.

Lobby Message Create

LOBBY_MESSAGE_CREATE is sent when a message is created in a lobby.
Lobby Message Create Structure
The inner payload is a lobby message object.
Lobby Message Create Example

Lobby Message Update

LOBBY_MESSAGE_UPDATE is sent when a message is updated in a lobby.
Lobby Message Update Structure
The inner payload is a lobby message object with additional fields for message updates.
Lobby Message Update Example

Lobby Message Delete

LOBBY_MESSAGE_DELETE is sent when a message is deleted from a lobby.
Lobby Message Delete Structure
Lobby Message Delete Example

Game Direct Message Create

GAME_DIRECT_MESSAGE_CREATE is sent when a direct message is created while at least one user has an active Social SDK session.
Game Direct Message Create Structure
The inner payload is a message object or SDK DM message object.
Game Direct Message Create Example

Game Direct Message Update

GAME_DIRECT_MESSAGE_UPDATE is sent when a direct message is updated while at least one user has an active Social SDK session.
Game Direct Message Update Structure
The inner payload is a message object or SDK DM message object.
Game Direct Message Update Example

Game Direct Message Delete

GAME_DIRECT_MESSAGE_DELETE is sent when a direct message is deleted while at least one user has an active Social SDK session.
Game Direct Message Delete Structure
The inner payload is a message object or SDK DM message object.
Game Direct Message Delete Example

Social SDK Message Objects

Discord Social SDK utilizes specialized message objects for lobby and direct message events that occur during active game sessions. These objects extend or modify the standard Discord message structure to support communication features. These objects are used in the webhook events LOBBY_MESSAGE_* and GAME_DIRECT_MESSAGE_* depending on the messaging context.

Lobby Message Object

Represents a message sent in a lobby or Linked Channel.
Lobby Message Structure

Message Object

Standard Message Object with additional fields.
Additional Fields

SDK DM Message Object

Represents a message between provisional users that exists only in-game.
SDK DM Message Structure
When both users in a direct message are provisional accounts, messages become “SDK DM messages” that are only visible in-game and use this specialized structure.