To set up two-factor authorization on an already authorized account, follow the SRP 2FA authentication docs.
Each phone number is limited to only a certain amount of logins per day (e.g. 5, but this is subject to change) after which the API will return a FLOOD error until the next day. This might not be enough for testing the implementation of User Authorization flows in client applications.
-There are several reserved phone number prefixes for testing that your application handles redirects between DCs, sign up, sign in and 2FA flows correctly. These numbers are only available on Test DCs (their IP addresses for TCP transport are available in API development tools panel after api_id was obtained, URI format for HTTPS/Websocket transport).
+There are several reserved phone number prefixes for testing that your application handles redirects between DCs, sign up, sign in and 2FA flows correctly. These numbers are only available on Test DCs (their IP addresses for TCP transport are available in API development tools panel after api_id was obtained, URI format for HTTPS/WebSocket transport).
If you wish to emulate an application of a user associated with DC number X, it is sufficient to specify the phone number as 99966XYYYY, where YYYY are random numbers, when registering the user. A user like this would always get XXXXX as the login confirmation code (the DC number, repeated five times). Note that the value of X must be in the range of 1-3 because there are only 3 Test DCs. When the flood limit is reached for any particular test number, just choose another number (changing the YYYY random part).
Do not store any important or private information in the messages of such test accounts; anyone can make use of the simplified authorization mechanism – and we periodically wipe all information stored there.
Proceed with User Authorization flows in Production DCs only after you make sure everything works correctly on Test DCs first to avoid reaching flood limits.
diff --git a/data/web/corefork.telegram.org/bots/samples.html b/data/web/corefork.telegram.org/bots/samples.html index b6d17be02b..02a1fe0b20 100644 --- a/data/web/corefork.telegram.org/bots/samples.html +++ b/data/web/corefork.telegram.org/bots/samples.html @@ -47,212 +47,377 @@This page lists some libraries and frameworks developed by the Telegram community – you should take care to report any bugs you may find to the respective developers, as these projects are not maintained by Telegram.
Ping us on @BotSupport if you would like your library to appear on this page.
-Nutgram. The Telegram bot framework that doesn't drive you nuts.
https://github.com/nutgram/nutgram
Nutgram. The Telegram bot framework that doesn't drive you nuts. +https://github.com/nutgram/nutgram
klev-o/telegram-bot-api. Simple and convenient object-oriented implementation Telegram Bot API with PHP version ^7.4 support.
https://github.com/klev-o/telegram-bot-api
klev-o/telegram-bot-api. Simple and convenient object-oriented implementation Telegram Bot API with PHP version ^7.4 support. +https://github.com/klev-o/telegram-bot-api
Telegraph. A Laravel package for fluently interacting with Telegram Bots.
https://github.com/def-studio/telegraph
Telegraph. A Laravel package for fluently interacting with Telegram Bots. +https://github.com/def-studio/telegraph
TeleBot. Easy way to create Telegram bots in PHP. Rich Laravel support out of the box.
https://github.com/westacks/telebot
TeleBot. Easy way to create Telegram bots in PHP. Rich Laravel support out of the box. +https://github.com/westacks/telebot
PTB. A PHP Procedural library for Telegram Bot API.
https://github.com/DevDasher/PTB-PHP
PTB. A PHP Procedural library for Telegram Bot API. +https://github.com/DevDasher/PTB-PHP
LaraGram. An advanced framework for Telegram Bot development.
https://github.com/laraXgram/LaraGram
LaraGram. An advanced framework for Telegram Bot development. +https://github.com/laraXgram/LaraGram
BotAPI. SDK for the Telegram Bot API.
https://github.com/TelegramSDK/BotAPI
BotAPI. SDK for the Telegram Bot API. +https://github.com/TelegramSDK/BotAPI
TuriBot. A simple way to communicate with Telegram APIs in PHP.
https://github.com/davtur19/TuriBot
TuriBot. A simple way to communicate with Telegram APIs in PHP. +https://github.com/davtur19/TuriBot
TelegramBotsApi. SDK for Telegram Bot API.
https://github.com/kuvardin/TelegramBotsApi
TelegramBotsApi. SDK for Telegram Bot API. +https://github.com/kuvardin/TelegramBotsApi
PHP Telegram Bot. PHP Telegram Bot based on the official Telegram Bot API.
https://github.com/php-telegram-bot/core
PHP Telegram Bot. PHP Telegram Bot based on the official Telegram Bot API. +https://github.com/php-telegram-bot/core
Telegram Bot PHP. A library that makes using Telegram Bot API much easier.
https://github.com/telegram-bot-php/core
Telegram Bot PHP. A library that makes using Telegram Bot API much easier. +https://github.com/telegram-bot-php/core
PHP Telegram API. A complete async capable Telegram Bot API implementation for PHP7.
https://github.com/unreal4u/telegram-api
PHP Telegram API. A complete async capable Telegram Bot API implementation for PHP7. +https://github.com/unreal4u/telegram-api
Telegram Bot Api Base. Clear and simple Telegram Bot API.
https://github.com/tg-bot-api/bot-api-base
Telegram Bot Api Base. Clear and simple Telegram Bot API. +https://github.com/tg-bot-api/bot-api-base
NeleBot X Framework. Framework for Telegram Bot API.
https://github.com/NeleB54Gold/NeleBotX
NeleBot X Framework. Framework for Telegram Bot API. +https://github.com/NeleB54Gold/NeleBotX
Bot API PHP SDK. Telegram Bot API PHP SDK. Supports Laravel out of the box.
https://github.com/irazasyed/telegram-bot-sdk
Bot API PHP SDK. Telegram Bot API PHP SDK. Supports Laravel out of the box. +https://github.com/irazasyed/telegram-bot-sdk
TgBotLib. A library for creating Telegram Bots in PHP, based on the Telegram Bot API.
https://git.n64.cc/nosial/libs/tgbot
TgBotLib. A library for creating Telegram Bots in PHP, based on the Telegram Bot API. +https://git.n64.cc/nosial/libs/tgbot
PHP Telegram Bot Api. Native PHP Wrapper for Telegram BOT API.
https://github.com/TelegramBot/Api
PHP Telegram Bot Api. Native PHP Wrapper for Telegram BOT API. +https://github.com/TelegramBot/Api
NovaGram. An Object-Oriented PHP library for Telegram Bots.
https://github.com/skrtdev/NovaGram
NovaGram. An Object-Oriented PHP library for Telegram Bots. +https://github.com/skrtdev/NovaGram
Golang Telegram Bot library. An autogenerated wrapper for the Telegram Bot API. Inspired by the python-telegram-bot library.
https://github.com/paulsonoflars/gotgbot
Golang Telegram Bot library. An autogenerated wrapper for the Telegram Bot API. Inspired by the python-telegram-bot library. +https://github.com/paulsonoflars/gotgbot
Telego. Telegram Bot API library.
https://github.com/mymmrac/telego
Telego. Telegram Bot API library. +https://github.com/mymmrac/telego
Golang Telegram Bot. Telegram Bot API Go framework.
https://github.com/go-telegram/bot
Golang Telegram Bot. Telegram Bot API Go framework. +https://github.com/go-telegram/bot
echotron. An elegant and concurrent library for the Telegram Bot API.
https://github.com/NicoNex/echotron
echotron. An elegant and concurrent library for the Telegram Bot API. +https://github.com/NicoNex/echotron
Telegram Bot API helper for Golang. A Telegram Bot API wrapper.
https://github.com/meinside/telegram-bot-go
Telegram Bot API helper for Golang. A Telegram Bot API wrapper. +https://github.com/meinside/telegram-bot-go
telebot. A Telegram bot framework.
https://github.com/tucnak/telebot
telebot. A Telegram bot framework. +https://github.com/tucnak/telebot
Telegram Bot API client for Golang. Telegram Bot API client library for golang.
https://github.com/udev-21/ya-golang-tbot-api
Telegram Bot API client for Golang. Telegram Bot API client library for golang. +https://github.com/udev-21/ya-golang-tbot-api
go-tg. Library for accessing Telegram Bot API, with batteries for building complex bots included.
https://github.com/mr-linch/go-tg
go-tg. Library for accessing Telegram Bot API, with batteries for building complex bots included. +https://github.com/mr-linch/go-tg
Telegram Bot API: Go implementation. A Telegram IM bots API implementation.
https://github.com/temoon/telegram-bots-api
Telegram Bot API: Go implementation. A Telegram IM bots API implementation. +https://github.com/temoon/telegram-bots-api
Telegrambot. Telegram Bot API in Go, but with more clean code.
https://github.com/nickname76/telegrambot
Telegrambot. Telegram Bot API in Go, but with more clean code. +https://github.com/nickname76/telegrambot
go-telegram-bot-api. Bindings for the Telegram Bot API.
https://github.com/go-telegram-bot-api/telegram-bot-api
go-telegram-bot-api. Bindings for the Telegram Bot API. +https://github.com/go-telegram-bot-api/telegram-bot-api
TgWrap. A library with Telegram Bot API bindings.
https://github.com/rogozhka/tgwrap
TgWrap. A library with Telegram Bot API bindings. +https://github.com/rogozhka/tgwrap
python-telegram-bot. A wrapper you can't refuse.
https://github.com/python-telegram-bot/python-telegram-bot
python-telegram-bot. A wrapper you can't refuse. +https://github.com/python-telegram-bot/python-telegram-bot
pyTelegramBotAPI. A simple, but extensible Python implementation for the Telegram Bot API.
https://github.com/eternnoir/pyTelegramBotAPI
pyTelegramBotAPI. A simple, but extensible Python implementation for the Telegram Bot API. +https://github.com/eternnoir/pyTelegramBotAPI
AIOGram. A pretty simple and fully asynchronous library for Telegram Bot API written with asyncio and aiohttp.
https://github.com/aiogram/aiogram
AIOGram. A pretty simple and fully asynchronous library for Telegram Bot API written with asyncio and aiohttp. +https://github.com/aiogram/aiogram
TGramBot. A partially auto-generated and asynchronous Minimal Telegram Bot API framework.
https://github.com/KeralaBots/TGramBot
TGramBot. A partially auto-generated and asynchronous Minimal Telegram Bot API framework. +https://github.com/KeralaBots/TGramBot
OrigamiBot. A pythonic Telegram bot API library.
https://github.com/cmd410/OrigamiBot
OrigamiBot. A pythonic Telegram bot API library. +https://github.com/cmd410/OrigamiBot
pytgbot. A module to access the Telegram Bot API.
https://github.com/luckydonald/pytgbot
pytgbot. A module to access the Telegram Bot API. +https://github.com/luckydonald/pytgbot
teleflask. A framework based on flask and pytgbot.
https://github.com/luckydonald/teleflask
teleflask. A framework based on flask and pytgbot. +https://github.com/luckydonald/teleflask
telegram-text. A Python markup module, which can be used with other frameworks.
https://github.com/SKY-ALIN/telegram-text
telegram-text. A Python markup module, which can be used with other frameworks. +https://github.com/SKY-ALIN/telegram-text
Frankenstein. A Telegram Bot API client.
https://github.com/ayrat555/frankenstein
Frankenstein. A Telegram Bot API client. +https://github.com/ayrat555/frankenstein
teloxide. An elegant Telegram bots framework.
https://github.com/teloxide/teloxide
teloxide. An elegant Telegram bots framework. +https://github.com/teloxide/teloxide
MOBOT. A Telegram Bot Library in Rust.
https://github.com/0xfe/mobot
MOBOT. A Telegram Bot Library in Rust. +https://github.com/0xfe/mobot
Ferrisgram. An asynchronous autogenerated wrapper for the Telegram Bot API.
https://github.com/ferrisgram/ferrisgram
Ferrisgram. An asynchronous autogenerated wrapper for the Telegram Bot API. +https://github.com/ferrisgram/ferrisgram
tgbotapi. A library for using the Telegram Bot API.
https://github.com/Syfaro/tgbotapi-rs
tgbotapi. A library for using the Telegram Bot API. +https://github.com/Syfaro/tgbotapi-rs
carapax. A Telegram Bot API framework.
https://github.com/tg-rs/carapax
carapax. A Telegram Bot API framework. +https://github.com/tg-rs/carapax
TelegramBotAPI. Type-safe library for work with Telegram Bot API.
https://github.com/InsanusMokrassar/TelegramBotAPI
TelegramBotAPI. Type-safe library for work with Telegram Bot API. +https://github.com/InsanusMokrassar/TelegramBotAPI
Kotlin Telegram Bot. Telegram Bot API wrapper, with handy Kotlin DSL.
https://github.com/vendelieu/telegram-bot
Kotlin Telegram Bot. Telegram Bot API wrapper, with handy Kotlin DSL. +https://github.com/vendelieu/telegram-bot
Kotlin Telegram Bot. A wrapper for the Telegram Bot API.
https://github.com/kotlin-telegram-bot/kotlin-telegram-bot
Kotlin Telegram Bot. A wrapper for the Telegram Bot API. +https://github.com/kotlin-telegram-bot/kotlin-telegram-bot
Telegram Bot API in Kotlin Multiplatform. Telegram Bot API in Kotlin.
https://github.com/omarmiatello/telegram
Telegram Bot API in Kotlin Multiplatform. Telegram Bot API in Kotlin. +https://github.com/omarmiatello/telegram
kt-telegram-bot. Telegram Bot API library for Kotlin language.
https://github.com/elbekD/kt-telegram-bot
kt-telegram-bot. Telegram Bot API library for Kotlin language. +https://github.com/elbekD/kt-telegram-bot
Iris Telegram API. Yet another Telegram API bot created with Kotlin.
https://github.com/iris2iris/iris-telegram-api
Iris Telegram API. Yet another Telegram API bot created with Kotlin. +https://github.com/iris2iris/iris-telegram-api
Telegraf. Modern Telegram Bot Framework for Node.js.
https://github.com/telegraf/telegraf
Telegraf. Modern Telegram Bot Framework for Node.js. +https://github.com/telegraf/telegraf
Node-Telegram-bot. Node.js module to interact with the official Telegram Bot API.
https://github.com/yagop/node-telegram-bot-api
Node-Telegram-bot. Node.js module to interact with the official Telegram Bot API. +https://github.com/yagop/node-telegram-bot-api
Telebot. The easy way to write Telegram bots.
https://github.com/mullwar/telebot
Telebot. The easy way to write Telegram bots. +https://github.com/mullwar/telebot
Slimbot. A fuss-free, thin wrapper around Telegram Bot API for Node.js. No frills.
https://github.com/edisonchee/slimbot
Slimbot. A fuss-free, thin wrapper around Telegram Bot API for Node.js. No frills. +https://github.com/edisonchee/slimbot
Telegram.bot. .NET Client for Telegram Bot API.
https://github.com/TelegramBots/Telegram.Bot
Telegram.bot. .NET Client for Telegram Bot API. +https://github.com/TelegramBots/Telegram.Bot
Telegram.Bots. A .NET 5 wrapper for the Telegram Bot API.
https://github.com/TelegramBotsAPI/Telegram.Bots
Telegram.Bots. A .NET 5 wrapper for the Telegram Bot API. +https://github.com/TelegramBotsAPI/Telegram.Bots
RxTelegram.Bot. RxTelegram uses a reactive approach to make Updates available.
https://github.com/RxTelegram/RxTelegram.Bot
RxTelegram.Bot. RxTelegram uses a reactive approach to make Updates available. +https://github.com/RxTelegram/RxTelegram.Bot
Telegram.BotAPI for NET. One of the most complete libraries available to interact with the Telegram Bot API.
https://github.com/Eptagone/Telegram.BotAPI
Telegram.BotAPI for NET. One of the most complete libraries available to interact with the Telegram Bot API. +https://github.com/Eptagone/Telegram.BotAPI
Telegram Vapor Bot. The wrapper for the Telegram Bot API written in Swift with Vapor.
https://github.com/nerzh/telegram-vapor-bot
Telegram Vapor Bot. The wrapper for the Telegram Bot API written in Swift with Vapor. +https://github.com/nerzh/telegram-vapor-bot
telegram-bot-swift. Telegram Bot SDK for Swift.
https://github.com/rapierorg/telegram-bot-swift
telegram-bot-swift. Telegram Bot SDK for Swift. +https://github.com/rapierorg/telegram-bot-swift
Telegrammer. Telegram Bot Framework written in Swift 5.1 with SwiftNIO network framework.
https://github.com/givip/Telegrammer
Telegrammer. Telegram Bot Framework written in Swift 5.1 with SwiftNIO network framework. +https://github.com/givip/Telegrammer
grammY. The Telegram Bot Framework.
https://github.com/grammyjs/grammY
grammY. The Telegram Bot Framework. +https://github.com/grammyjs/grammY
Nestgram. Framework for working with Telegram Bot API on TypeScript like Nest.js.
https://github.com/Degreet/nestgram
Nestgram. Framework for working with Telegram Bot API on TypeScript like Nest.js. +https://github.com/Degreet/nestgram
puregram. Powerful and modern telegram bot api sdk for node.js and typescript.
https://github.com/nitreojs/puregram
puregram. Powerful and modern telegram bot api sdk for node.js and typescript. +https://github.com/nitreojs/puregram
TelegramBots. A simple to use library to create Telegram Bots.
https://github.com/rubenlagus/TelegramBots
TelegramBots. A simple to use library to create Telegram Bots. +https://github.com/rubenlagus/TelegramBots
Java API. Telegram Bot API for Java.
https://github.com/pengrad/java-telegram-bot-api
Java API. Telegram Bot API for Java. +https://github.com/pengrad/java-telegram-bot-api
ReBot. A Java EE Telegram Bot API.
https://github.com/rebasing-xyz/rebot
ReBot. A Java EE Telegram Bot API. +https://github.com/rebasing-xyz/rebot
canoe. Functional Telegram Bot API.
https://github.com/augustjune/canoe
canoe. Functional Telegram Bot API. +https://github.com/augustjune/canoe
bot4s.telegram. Simple, extensible, strongly-typed wrapper for the Telegram Bot API.
https://github.com/bot4s/telegram
bot4s.telegram. Simple, extensible, strongly-typed wrapper for the Telegram Bot API. +https://github.com/bot4s/telegram
F[Tg] - Telegramium. Pure functional Telegram Bot API implementation.
https://github.com/apimorphism/telegramium
F[Tg] - Telegramium. Pure functional Telegram Bot API implementation. +https://github.com/apimorphism/telegramium
Telegram::Bot. Ruby gem for building Telegram Bot with optional Rails integration.
https://github.com/telegram-bot-rb/telegram-bot
Telegram::Bot. Ruby gem for building Telegram Bot with optional Rails integration. +https://github.com/telegram-bot-rb/telegram-bot
telegram-bot-ruby. Ruby wrapper for Telegram's Bot API.
https://github.com/atipugin/telegram-bot-ruby
telegram-bot-ruby. Ruby wrapper for Telegram's Bot API. +https://github.com/atipugin/telegram-bot-ruby
Elixir. ExGram. Telegram Bot API low level API and framework.
https://github.com/rockneurotiko/ex_gram
Elixir. ExGram. Telegram Bot API low level API and framework. +https://github.com/rockneurotiko/ex_gram
Elixir. Nadia. Telegram Bot API Wrapper.
https://github.com/zhyu/nadia
Elixir. Nadia. Telegram Bot API Wrapper. +https://github.com/zhyu/nadia
C++. tgbot-cpp. A library for Telegram Bot API.
https://github.com/reo7sp/tgbot-cpp
C++. tgbot-cpp. A library for Telegram Bot API. +https://github.com/reo7sp/tgbot-cpp
C++. tgbot. A library for Telegram Bot API with generated API types and methods.
https://github.com/egorpugin/tgbot
C++. tgbot. A library for Telegram Bot API with generated API types and methods. +https://github.com/egorpugin/tgbot
Dart. TeleDart. A library interfacing with the latest Telegram Bot API.
https://github.com/DinoLeung/TeleDart
Dart. TeleDart. A library interfacing with the latest Telegram Bot API. +https://github.com/DinoLeung/TeleDart
Pascal. TGBotMini. Telegram Bot Mini API.
https://github.com/HemulGM/TGBotMini
Pascal. TGBotMini. Telegram Bot Mini API. +https://github.com/HemulGM/TGBotMini
Clojure. telegrambot-lib. A library for interacting with the Telegram Bot API.
https://github.com/wdhowe/telegrambot-lib
Clojure. telegrambot-lib. A library for interacting with the Telegram Bot API. +https://github.com/wdhowe/telegrambot-lib
Lua. telegram-bot-lua. A feature-filled Telegram Bot API library.
https://github.com/wrxck/telegram-bot-lua
Lua. telegram-bot-lua. A feature-filled Telegram Bot API library. +https://github.com/wrxck/telegram-bot-lua
OCaml. TelegraML. A library for creating bots for Telegram.
https://github.com/nv-vn/TelegraML
OCaml. TelegraML. A library for creating bots for Telegram. +https://github.com/nv-vn/TelegraML
Haskell. haskell-telegram-api. High-level bindings to the Telegram Bot API based on servant library.
https://github.com/klappvisor/haskell-telegram-api
Haskell. haskell-telegram-api. High-level bindings to the Telegram Bot API based on servant library. +https://github.com/klappvisor/haskell-telegram-api
Perl. Telegram Bot. A genuine Perl 6 client for the Telegram's Bot API.
https://github.com/GildedHonour/TelegramBot
Perl. Telegram Bot. A genuine Perl 6 client for the Telegram's Bot API. +https://github.com/GildedHonour/TelegramBot
Other advantages may include saving some potential CPU cycles and an increase in response time, these things however depend heavily on the usage pattern of your bot.
Setting a webhook means you supplying Telegram with a location in the form of a URL, on which your bot listens for updates. We need to be able to connect and post updates to that URL.
To ensure that we can do that, there are some basic requirements:
-You'll need a server that:
+You'll need a server that:
149.154.160.0/20 and 91.108.4.0/22 on port 443, 80, 88, or 8443. That’s almost all there’s to it.
If you decide to limit traffic to our specific range of addresses, keep an eye on this document whenever you seem to run into trouble. Our IP-range might change in the future.
That’s almost all there’s to it. +If you decide to limit traffic to our specific range of addresses, keep an eye on this document whenever you seem to run into trouble. Our IP-range might change in the future.
+Setting a webhook needs a URL for us to post to. For that you'll need a server with a domain name. If you don't have one, you'll need to obtain one first. Telegram currently doesn't offer hosting or domain name services. There are quite a few VPS/Web hosting providers around the internet, feel free to pick one to your liking.
If you're using a self-signed certificate, you may use the IP as a CN, instead of the domain name.
How do I get a server with a domain name?
Setting a webhook needs a URL for us to post to. For that you'll need a server with a domain name. If you don't have one, you'll need to obtain one first. Telegram currently doesn't offer hosting or domain name services. There are quite a few VPS/Web hosting providers around the internet, feel free to pick one to your liking. +If you're using a self-signed certificate, you may use the IP as a CN, instead of the domain name. +How do I get a server with a domain name?
A webhook needs an open port on your server. We currently support the following ports: 443, 80, 88 and 8443. Other ports are not supported and will not work. Make sure your bot is running on one of those supported ports, and that the bot is reachable via its public address.
If you want to limit access to Telegram only, please allow traffic from 149.154.160.0/20 and 91.108.4.0/22.
Whenever something stops working in the future, please check this document again as
the range might expand or change.A webhook requires SSL/TLS encryption, no matter which port is used. It's not possible to use a plain-text HTTP webhook. You shouldn't want to either, for the sake of your bot and users.
SSL/TLS, why do I have to handle this for a webhook?
A webhook requires SSL/TLS encryption, no matter which port is used. It's not possible to use a plain-text HTTP webhook. You shouldn't want to either, for the sake of your bot and users. +SSL/TLS, why do I have to handle this for a webhook?
We support any SSL/TLS version TLS1.2 and up for your webhook. This means that SSLV2/3/TLS1.0/TSL1.1 are NOT supported, due to security issues associated with those older versions.
How do I check that I’m handling the right version?
We support any SSL/TLS version TLS1.2 and up for your webhook. This means that SSLV2/3/TLS1.0/TSL1.1 are NOT supported, due to security issues associated with those older versions. +How do I check that I’m handling the right version?
The common name (CN) of your certificate (self-signed or verified) has to match the domain name where your bot is hosted. You may also use a subject alternative name (SAN), that matches the domain for your webhook. Server Name Indication (SNI)-routing is supported. If you're using a self-signed certificate, you may use the IP as a CN, instead of the domain name.
A certificate, where do I get one, and how?
The common name (CN) of your certificate (self-signed or verified) has to match the domain name where your bot is hosted. You may also use a subject alternative name (SAN), that matches the domain for your webhook. Server Name Indication (SNI)-routing is supported. If you're using a self-signed certificate, you may use the IP as a CN, instead of the domain name. +A certificate, where do I get one, and how?
A certificate can either be verified or self-signed. Setting a webhook with a self-signed certificate differs a little from setting a webhook with a verified certificate. Ensure you're using the correct setup for the type of certificate you've chosen for your webhook.
How do I set a webhook for either type?
A certificate can either be verified or self-signed. Setting a webhook with a self-signed certificate differs a little from setting a webhook with a verified certificate. Ensure you're using the correct setup for the type of certificate you've chosen for your webhook. +How do I set a webhook for either type?
Not all verified certificates are supported. Certificates are based on a network of trust and come in a chain. Trusting your verified certificate means we have to trust the provider of that certificate, the Certificate Authority (and hence its root certificate). Before you pick a certificate provider, Check this list to make sure that we actually trust their root certificate.
What if my root certificate isn’t on that list?
Not all verified certificates are supported. Certificates are based on a network of trust and come in a chain. Trusting your verified certificate means we have to trust the provider of that certificate, the Certificate Authority (and hence its root certificate). Before you pick a certificate provider, Check this list to make sure that we actually trust their root certificate. +What if my root certificate isn’t on that list?
Ok, so you already had a certificate installed and just discovered it’s not on our list.
Start by ignoring it, and just try to set it. We occasionally add extra root certificates to keep up with popular demand, so the list isn't always exhaustive. Unlucky after all? We'll allow you to supply an unsupported root certificate when setting the webhook. This method is nearly identical to setting a self-signed certificate webhook. Instead of your self-signed certificate you'll be sending us the root certificate as inputFile.
Setting a verified webhook with an untrusted root
Ok, so you already had a certificate installed and just discovered it’s not on our list. +Start by ignoring it, and just try to set it. We occasionally add extra root certificates to keep up with popular demand, so the list isn't always exhaustive. Unlucky after all? We'll allow you to supply an unsupported root certificate when setting the webhook. This method is nearly identical to setting a self-signed certificate webhook. Instead of your self-signed certificate you'll be sending us the root certificate as inputFile. +Setting a verified webhook with an untrusted root
Some verified certificates require an intermediate certificate. In this construction the provider of your verified certificate has used their root certificate to sign an intermediate certificate. This intermediate certificate is then used to sign your verified certificate. You'll need to provide the intermediate certificate for us to be able to verify the chain of trust. CA's that use this type of chain supply an intermediate certificate.
Supplying an intermediate certificate
Some verified certificates require an intermediate certificate. In this construction the provider of your verified certificate has used their root certificate to sign an intermediate certificate. This intermediate certificate is then used to sign your verified certificate. You'll need to provide the intermediate certificate for us to be able to verify the chain of trust. CA's that use this type of chain supply an intermediate certificate. +Supplying an intermediate certificate
Since we know webhooks can be a tad overwhelming, we’re working on a little digital assistant that’ll try and help you with the most common problems, it's not nearly perfect, but you may try using @CanOfWormsBot to check if your chain of certificates is installed correctly before contacting support.
+Since we know webhooks can be a tad overwhelming, we’re working on a little digital assistant that’ll try and help you with the most common problems, it's not nearly perfect, but you may try using @CanOfWormsBot to check if your chain of certificates is installed correctly before contacting support.
We took the liberty of adding a set of example updates. They come in handy when testing your bot, no matter which method of getting updates you might be using.
If by now you're looking for your fishing gear because we've mentioned ports and hooks or you're about to Google what kind of bait URL and TLS exactly are, this guide might not be completely for you. You’re quite likely still a brilliant bot programmer, don’t worry. Perhaps this whole webhook thing is just new to you, not all is lost. If you currently have a working getUpdates situation, it's a good idea to pick up this guide again on a rainy Sunday afternoon and take your time to read up on some subjects around the internet. This guide can only contain a finite amount of information after all.
+If by now you're looking for your fishing gear because we've mentioned ports and hooks or you're about to Google what kind of bait URL and TLS exactly are, this guide might not be completely for you. You’re quite likely still a brilliant bot programmer, don’t worry. Perhaps this whole webhook thing is just new to you, not all is lost. If you currently have a working getUpdates situation, it's a good idea to pick up this guide again on a rainy Sunday afternoon and take your time to read up on some subjects around the internet. This guide can only contain a finite amount of information after all.
If you use a webhook, we have to deliver requests to your bot to a server we can reach. So yes, you need a server we can connect to. It can be anywhere in the galaxy, if you ensure we can reach the server by domain name (or at least via IP for a self-signed certificate), it will work just fine.
-There are quite a few ways to get this done, as a novice however it's likely that you're not directly jumping at the chance of crafting this from scratch. Actually, as a novice, we recommend you don't. It's likely to be a complex and long ride.
+There are quite a few ways to get this done, as a novice however it's likely that you're not directly jumping at the chance of crafting this from scratch. Actually, as a novice, we recommend you don't. It's likely to be a complex and long ride.
If you got stuck here, make a choice:
You use getUpdates at the moment and it works, keep it that way. Especially if you're running your bot from a nice machine that does well. There is nothing wrong with using getUpdates.
+You use getUpdates at the moment and it works, keep it that way. Especially if you're running your bot from a nice machine that does well. There is nothing wrong with using getUpdates.
Go with a hosted service and let a bunch of professionals worry about things like registering a domain, setting up DNS, a web server, securing it and so on.
+Go with a hosted service and let a bunch of professionals worry about things like registering a domain, setting up DNS, a web server, securing it and so on.
If you're going with a hosted service, make sure to look for a hosting provider that
+If you're going with a hosted service, make sure to look for a hosting provider that
not only supports your code’s needs, for example: support for your PHP version,
but one that also handles SSL and allows you to create/deploy certificates.
- Go crazy, dive on the internet and start reading. Once you’re confident that you’ve got all the basic theories down, find yourself a nice hosted VPS or roll your own machine at home and get back to us here.
-How do I check for open ports or limit access to my bot?
+How do I check for open ports or limit access to my bot?
So you have the hosting thing down and all is good so far, however, when you enter the address of your bot in your browser it seems unreachable.
-Explaining every firewall or web server solution in detail isn't possible for us, which we hope you understand. If you’re running a hosted solution, you’re more likely to have a nice UI where you configure these settings. Head to your configuration panel and check all of them. If you’re on a Linux based VPS with shell access, we have some tips for you:
+Explaining every firewall or web server solution in detail isn't possible for us, which we hope you understand. If you’re running a hosted solution, you’re more likely to have a nice UI where you configure these settings. Head to your configuration panel and check all of them. If you’re on a Linux based VPS with shell access, we have some tips for you:
-- Make sure your bot process is indeed configured to listen on the port you're using.
netstat –ln | grep portnumber
Shows you if your bot is actually listening for incoming requests on the port you expect.
sudo lsof -i | grep process name
Is a simple way to check if that’s actually being listened on by the process your bot is using.
-
-
-- Make sure it’s listening correctly.
Your bot has to listen on the address you’ve exposed to the outside (your public IP), it can also listen on all addresses (*: or 0.0.0.0).
The netstat and lsof-commands mentioned above assist in checking this. If nothing shows up, it is time to check your configuration and fix it. Set the correct IP, make sure it’s listening on a supported port and fire away! Just use a Web Browser to check if you’re reachable. The problem can be in the configuration of your bot, your web server virtual host configuration, or the servers binding configuration.
-
-
-If you still can’t reach your address, check your firewall.
sudo iptables –L
OR
sudo ufw status verbose (Ubuntu)
Gives you some insight in the current firewall settings.
+-
+
Make sure your bot process is indeed configured to listen on the port you're using.
+netstat –ln | grep portnumber
+Shows you if your bot is actually listening for incoming requests on the port you expect.
+sudo lsof -i | grep process name
+Is a simple way to check if that’s actually being listened on by the process your bot is using.
-If it looks like you’re blocking incoming traffic, let’s fix that.
sudo iptables –A INPUT –p tcp –m tcp –dport portnumber -j ACCEPT
OR
sudo ufw allow portnumber/tcp
Allows incoming traffic on all interfaces to the specified tcp port.
sudo iptables –A INPUT –i interfacename –p tcp –m tcp –dport portnumber -j ACCEPT
OR
sudo ufw allow in on interfacename to any port portnumber proto tcp
Allows incoming traffic to a specific interface and a specific port from everywhere.
sudo ifconfig
Helps you find the interface with the public address you’re going to use.
+-
+
Make sure it’s listening correctly.
+Your bot has to listen on the address you’ve exposed to the outside (your public IP), it can also listen on all addresses (*: or 0.0.0.0).
+The netstat and lsof-commands mentioned above assist in checking this. If nothing shows up, it is time to check your configuration and fix it. Set the correct IP, make sure it’s listening on a supported port and fire away! Just use a Web Browser to check if you’re reachable. The problem can be in the configuration of your bot, your web server virtual host configuration, or the servers binding configuration.
+
+-
+
If you still can’t reach your address, check your firewall.
+sudo iptables –L
+OR
+sudo ufw status verbose (Ubuntu)
+Gives you some insight in the current firewall settings.
+
+-
+
If it looks like you’re blocking incoming traffic, let’s fix that.
+sudo iptables –A INPUT –p tcp –m tcp –dport portnumber -j ACCEPT
+OR
+sudo ufw allow portnumber/tcp
+Allows incoming traffic on all interfaces to the specified tcp port.
+sudo iptables –A INPUT –i interfacename –p tcp –m tcp –dport portnumber -j ACCEPT
+OR
+sudo ufw allow in on interfacename to any port portnumber proto tcp
+Allows incoming traffic to a specific interface and a specific port from everywhere.
+sudo ifconfig
+Helps you find the interface with the public address you’re going to use.
If you use iptables, make sure to actually SAVE after changing the configuration.
On a Debian based system the iptables-persistent package is be a good option.
RHEL/CentOS offers a service iptables save -command.
-A quick online search for "YOUROPERATINGSYSTEM save iptables" also helps.
+A quick online search for "YOUROPERATINGSYSTEM save iptables" also helps.sudo iptables –A INPUT –i interfacename –p tcp –m iprange -s 149.154.160.0/20,91.108.4.0/22 –dport portnumber -j ACCEPTsudo ufw allow in on interfacename to any port portnumber proto tcp from 149.154.160.0/20
+- If you’re just looking for some hints on how to limit incoming traffic:
+
sudo iptables –A INPUT –i interfacename –p tcp –m iprange -s 149.154.160.0/20,91.108.4.0/22 –dport portnumber -j ACCEPT
+ORsudo ufw allow in on interfacename to any port portnumber proto tcp from 149.154.160.0/20
sudo ufw allow in on interfacename to any port portnumber proto tcp from 91.108.4.0/22
-Allows incoming traffic to a specific interface and a specific port from a specific range of addresses. (ufw is using a subnet mask in the example, ranging from 192-255)
+Allows incoming traffic to a specific interface and a specific port from a specific range of addresses. (ufw is using a subnet mask in the example, ranging from 192-255)
+That’s all for our examples. More information on best practices for setting up your firewall, on whichever operating system you prefer for your bot, is best found on the internet.
-You’re already familiar with it in some form or another. Whenever you see that (nicely green) lock in your browser bar, you know it’s reasonably safe to assume that you’ve landed on the site you actually wanted to visit. If you see the green lock, that's SSL/TLS in action. If you want to learn more about how SSL/TLS works in general, it's best to search the internet.
-The main difference between getUpdates and a webhook is the way the connection takes place. getUpdates means you'll connect to our server, a webhook means we'll be connecting to your server instead. Connecting to your server has to be done secure, we have to know for sure it's you we're talking to after all. This means you'll have to handle all that server side encryption stuff, virtually presenting us with a green lock. If you use a web server for us to post to, you need to support SSL/TLS handling on the port/virtual host of your choice. An online search for “YOURWEBSERVER enable HTTPS” will help you.
+You’re already familiar with it in some form or another. Whenever you see that (nicely green) lock in your browser bar, you know it’s reasonably safe to assume that you’ve landed on the site you actually wanted to visit. If you see the green lock, that's SSL/TLS in action. If you want to learn more about how SSL/TLS works in general, it's best to search the internet.
+The main difference between getUpdates and a webhook is the way the connection takes place. getUpdates means you'll connect to our server, a webhook means we'll be connecting to your server instead. Connecting to your server has to be done secure, we have to know for sure it's you we're talking to after all. This means you'll have to handle all that server side encryption stuff, virtually presenting us with a green lock. If you use a web server for us to post to, you need to support SSL/TLS handling on the port/virtual host of your choice. An online search for "YOURWEBSERVER enable HTTPS" will help you.
Not using a regular web server? Have a look at our example page, most examples there include code for handling SSL/TLS in a webhook setup.
-You just read up on the whole SSL/TLS stuff, figured out that it’s not all that bad to setup and we add some more requirements. Here are some tips to check if you’re indeed supporting at least TLS1.2.
Several online services exist that allow you to check your certificate installation,
They give you an overview of your supported TLS versions/Cipher suites and other details. Search online for Symantec crypto report or Qualys ssl. Both supply tools to verify your setup.
Several online services exist that allow you to check your certificate installation, +They give you an overview of your supported TLS versions/Cipher suites and other details. Search online for Symantec crypto report or Qualys ssl. Both supply tools to verify your setup.
Checking locally can also be done, in several ways, here are three options,
+Checking locally can also be done, in several ways, here are three options,
Go simple:
Using Chrome as a browser? Open up the URL to your bot and inspect the certificate details. If you’re supporting TLS Chrome tells you so in the security overview tab. Other browsers are likely able to give you similar basic information.
Go simple: +Using Chrome as a browser? Open up the URL to your bot and inspect the certificate details. If you’re supporting TLS Chrome tells you so in the security overview tab. Other browsers are likely able to give you similar basic information.
Using curl:curl --tlsv1.2 -v -k https://yourbotdomain:yourbotport/
You can add --tlsv1.2 to force curl into using TLS1.2 when trying to connect. -k is optional and used to check against a self-signed certificate. yourbotdomain is the public hostname your webhook is running on. For local testing purposes you can also use the IP. yourbotport is the port you’re using.
Using curl:
+curl --tlsv1.2 -v -k https://yourbotdomain:yourbotport/
+You can add --tlsv1.2 to force curl into using TLS1.2 when trying to connect. -k is optional and used to check against a self-signed certificate. yourbotdomain is the public hostname your webhook is running on. For local testing purposes you can also use the IP. yourbotport is the port you’re using.
Using OpenSSLopenssl s_client -tls1_2 -connect yourbotdomain:yourbotport -servername yourbotdomain
You can add -tls1_2 to force OpenSSL into using TLS1.2 when trying to connect. yourbotdomain is the public hostname your webhook is running on. For local testing purposes you can also use the IP. yourbotport is the port you’re using. Note that https:// isn’t used for OpenSSL. -servername is optional, and included here for some shared hosters, which use SNI to route traffic to the correct domain. When SNI is used you’ll notice that your server appears to be returning a certificate for a different domain than your own. Adding -servername yourbotdomain ensures that SNI negotiation is done, and the correct certificate is returned.
Using OpenSSL
+openssl s_client -tls1_2 -connect yourbotdomain:yourbotport -servername yourbotdomain
+You can add -tls1_2 to force OpenSSL into using TLS1.2 when trying to connect. yourbotdomain is the public hostname your webhook is running on. For local testing purposes you can also use the IP. yourbotport is the port you’re using. Note that https:// isn’t used for OpenSSL. -servername is optional, and included here for some shared hosters, which use SNI to route traffic to the correct domain. When SNI is used you’ll notice that your server appears to be returning a certificate for a different domain than your own. Adding -servername yourbotdomain ensures that SNI negotiation is done, and the correct certificate is returned.
Some additional configuration pointers
+Some additional configuration pointers
SSLProtocol -all +TLSv1.2ssl_protocols TLSv1.2;-Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2-Djavax.net.debug=ssl,handshake,recordSSLProtocol -all +TLSv1.2ssl_protocols TLSv1.2;-Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2-Djavax.net.debug=ssl,handshake,recordOther tools that may help in debugging issues:
+Other tools that may help in debugging issues:
You need a certificate, pick on of these types;
Using a verified certificate means you already have, or will obtain, a certificate backed by a trusted certificate authority (CA). There are many ways to acquire a verified certificate, paid or free. Two popular examples of free suppliers are StartSSL and Let’s Encrypt. You’re welcome to pick another. Just make sure first the supplier is likely to be supported.
Check this list before selecting a CA.
Once you’ve picked a CA and validated your identity with them, you can craft your certificate. This frequently starts by generating a CSR (Certificate Signing Request). Generating a CSR is done either through your host machine, or online via the tools provided by the CA.
Here is an example (PEM format output).
+Using a verified certificate means you already have, or will obtain, a certificate backed by a trusted certificate authority (CA). There are many ways to acquire a verified certificate, paid or free. Two popular examples of free suppliers are StartSSL and Let’s Encrypt. You’re welcome to pick another. Just make sure first the supplier is likely to be supported. +Check this list before selecting a CA. +Once you’ve picked a CA and validated your identity with them, you can craft your certificate. This frequently starts by generating a CSR (Certificate Signing Request). Generating a CSR is done either through your host machine, or online via the tools provided by the CA.
+Here is an example (PEM format output).
openssl req -newkey rsa:2048 -keyout yourprivatekey.key -out yoursigningrequest.csropenssl req -newkey rsa:2048 -keyout yourprivatekey.key -out yoursigningrequest.csrAnother example:
+Another example:
keytool -genkey -alias yourbotdomainname -keyalg RSA -keystore yourkeystore.jks -keysize 2048keytool -genkey -alias yourbotdomainname -keyalg RSA -keystore yourkeystore.jks -keysize 2048---
-Enter keystore password:
+Enter keystore password:
Re-enter new password:
-What is your first and last name? [Unknown]: yourbotdomainname
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code for this unit? [Unknown]:
-Is CN=test.telegram.org, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
-[no]: yes
-Enter key password for yourbotdomainname
+What is your first and last name? [Unknown]: yourbotdomainname
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code for this unit? [Unknown]:
+Is CN=test.telegram.org, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
+[no]: yes
+Enter key password for yourbotdomainname
(RETURN if same as keystore password):
---This generates the initial keystore, from which you can then create a CSR like this:
@@ -248,65 +325,83 @@ Enter key password for yourbotdomainname---
Enter keystore password:
---To validate your certificate the Common Name (CN) has to match your webhook domain. Example, if you’re using https://www.example.com/example.php as a webhook address, the certificate CN has to be www.example.com.
So you need an exact match of the FQDN you’re setting for the webhook
To validate your certificate the Common Name (CN) has to match your webhook domain. Example, if you’re using https://www.example.com/example.php as a webhook address, the certificate CN has to be www.example.com. +So you need an exact match of the FQDN you’re setting for the webhook
There is an exception, if you’re using a SAN (Subject Alternative Name) the webhook address can either match the CN of your certificate, OR one of the SANs provided in the certificate. In most cases you’ll be using the CN.
Create your CSR and supply the contents of the file to your CA. Most CA’s are kind enough to give you an example command of the input format they expect.
-cat yoursigningrequest.csr or cat yourbotdomainname.csr
Lets you have a look at the CSR we just generated:
cat yoursigningrequest.csr or cat yourbotdomainname.csr
+Lets you have a look at the CSR we just generated:
That doesn’t seem to informative, but we can deduce that the file is in PEM format (ASCII base64 encoded) and contains a certificate signing request. Luckily it is possible to look at the human readable contents of the CSR. Use the following commands to double check if all fields are set correctly.
Using OpenSSLopenssl req -text -noout -verify -in yoursigningrequest.csr
Using OpenSSL
+openssl req -text -noout -verify -in yoursigningrequest.csr
Using Java keytoolkeytool -printcertreq -v -file yourbotdomainname.csr
Using Java keytool
+keytool -printcertreq -v -file yourbotdomainname.csr
Verify your CSR and supply it to your CA to get a certificate. We’ll use StartSSL as an example here. StartSSL allows you to set up to 5 names (SAN), Their intermediate certificate is also needed for a webhook to work, which makes for a nice complete example.
Go to the certificates wizard, enter the required hostname(s) for your SSL certificate (this is the CN you’ve also set in the CSR and an optional SAN).
In the example above we’ve chosen to set a CN (test.telegram.org), but also a SAN (sanexample.telegram.org) The CN given has to match the CN used for generating the CSR.
Set your CN (and optional SAN) and copy the contents of the yoursigningrequest.csr file.
In the example above we’ve chosen to set a CN (test.telegram.org), but also a SAN (sanexample.telegram.org) The CN given has to match the CN used for generating the CSR.
+Set your CN (and optional SAN) and copy the contents of the yoursigningrequest.csr file.
Paste the contents, submit and you’re done.
Now you can download the created certificate directly. In the example used above you’ll receive a zip file with several PEM certificates. The root, intermediate and yourdomain certificate.
You need the intermediate and yourdomain to set a webhook with a StartSSL certificate.
Now you can download the created certificate directly. In the example used above you’ll receive a zip file with several PEM certificates. The root, intermediate and yourdomain certificate.
+You need the intermediate and yourdomain to set a webhook with a StartSSL certificate.
You can inspect the set of certificates you’ve just downloaded.
Here are some example commands:
+Here are some example commands:
Using OpenSSL:openssl x509 -in yourdomain.crt -text -noout
Using OpenSSL:
+openssl x509 -in yourdomain.crt -text -noout
Using Java keytool:keytool -printcert -v -yourdomain.crt
Using Java keytool:
+keytool -printcert -v -yourdomain.crt
Using Windows:
StartSSL supplies certificates in PEM format with a .crt extension, on Windows you can view the contents of them with a quick double click. Extract the files or open the “Otherserver.zip” and double click each of the certificates for inspection. The details tab supplies you with extra information.
Make sure you have a correct CN in the Subject-field of the yourdomain-certificate. If you're using a SAN, make sure that it is listed in the Subject Alternative Name-field.
Using Windows:
+StartSSL supplies certificates in PEM format with a .crt extension, on Windows you can view the contents of them with a quick double click. Extract the files or open the "Otherserver.zip" and double click each of the certificates for inspection. The details tab supplies you with extra information.
+Make sure you have a correct CN in the Subject-field of the yourdomain-certificate. If you're using a SAN, make sure that it is listed in the Subject Alternative Name-field.
With your fresh certificates at hand, you can now continue setting your webhook.
Using a self-signed certificate means you’ll forfeit on the chain of trust backed by a CA. Instead you are the CA. For this to work, a slight difference in setup is required. Because Telegram will have no chain of trust to verify your certificate, you have to use the generated public certificate as an input file when setting the webhook. Keep in mind that the certificate file has to be uploaded as multipart/form data in PEM encoded (ASCII BASE64) format.
First let’s generate some certificates:
+First let’s generate some certificates:
Using OpenSSL:openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
You’ll end up with 2 files, a private key and the public certificate file. Use YOURPUBLIC.PEM as input file for setting the webhook.
Using OpenSSL:
+openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
+You’ll end up with 2 files, a private key and the public certificate file. Use YOURPUBLIC.PEM as input file for setting the webhook.
Using Java keytool:keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048
Using Java keytool:
+keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048
What is your first and last name?
[test.telegram.org]:
What is the name of your organizational unit?
@@ -319,20 +414,27 @@ What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
-Is CN=test.telegram.org, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
-[no]: yesOnce done you’ll need 2 more commands to export the public certificate file from the generated store (you’ll be using the store for your JVM and the PEM for setting the webhook)
Convert the JKS to pkcs12 (intermediate step for conversion to PEM):keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12
Convert the JKS to pkcs12 (intermediate step for conversion to PEM):
+keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12
Convert PKCS12 to PEM (requires OpenSSL)openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem -nokeys
Convert PKCS12 to PEM (requires OpenSSL)
+openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem -nokeys
Using Windows:
Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.certreq -new TEMPLATE.txt RequestFileOut generates a CSR.
Using Windows:
+Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.
+certreq -new TEMPLATE.txt RequestFileOut generates a CSR.
TEMPLATE.txt example file:
+TEMPLATE.txt example file:
[NewRequest]
; At least one value must be set in this section
-Subject = "CN=DOMAIN.EXAMPLE"
+Subject = "CN=DOMAIN.EXAMPLE"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
@@ -344,52 +446,73 @@ Exportable = true ;makes the private key exportable with the PFXA self-signed certificate is generated and installed, to use the certificate for a self-signed webhook you'll have to export it in PEM format.
+A self-signed certificate is generated and installed, to use the certificate for a self-signed webhook you'll have to export it in PEM format.
Windows continued:
+Windows continued:
You can have a look at the certificates in your store with:certutil -store -user my
You can have a look at the certificates in your store with:
+certutil -store -user my
To export the installed certificate in DER format (intermediate step for conversion to PEM):certutil -user -store -split my SERIALNUMBER YOURDER.der
To export the installed certificate in DER format (intermediate step for conversion to PEM):
+certutil -user -store -split my SERIALNUMBER YOURDER.der
Now you can convert the certificate to PEM:certutil -encode YOURDER.der YOURPEM.pem
Remember that only the public certificate is needed as input for the self-signed webhook certificate parameter.certmgr.msc can also be used as a GUI to export the public part of self-signed certificate to PEM.
Now you can convert the certificate to PEM:
+certutil -encode YOURDER.der YOURPEM.pem
+Remember that only the public certificate is needed as input for the self-signed webhook certificate parameter.
+certmgr.msc can also be used as a GUI to export the public part of self-signed certificate to PEM.
After following the above you'll end up with a nice self-signed certificate. You’ll still have to set the webhook, and handle SSL correctly.
-After following the above you'll end up with a nice self-signed certificate. You’ll still have to set the webhook, and handle SSL correctly.
+The setWebhook method is needed for both types. For a verified certificate with a trusted root CA, it’s enough to use the setWebhook method with just the URL parameter.
curl -F "url=https://<YOURDOMAIN.EXAMPLE>/<WEBHOOKLOCATION>" https://api.telegram.org/bot<YOURTOKEN>/setWebhookcurl -F "url=https://<YOURDOMAIN.EXAMPLE>/<WEBHOOKLOCATION>" https://api.telegram.org/bot<YOURTOKEN>/setWebhookFor a self-signed certificate an extra parameter is needed, certificate, with the public certificate in PEM format as data.
curl -F "url=https://<YOURDOMAIN.EXAMPLE>/<WEBHOOKLOCATION>" -F "certificate=@<YOURCERTIFICATE>.pem" https://api.telegram.org/bot<YOURTOKEN>/setWebhookcurl -F "url=https://<YOURDOMAIN.EXAMPLE>/<WEBHOOKLOCATION>" -F "certificate=@<YOURCERTIFICATE>.pem" https://api.telegram.org/bot<YOURTOKEN>/setWebhookThe -F means we’re using the multipart/form-data-type to supply the certificate, the type of the certificate parameter is inputFile. Make sure that you’re supplying the correct type.
Both parameters for the setWebhook method are classed as optional. Calling the method with an empty URL parameter can be used to clear a previously set webhook.
curl -F "url=" https://api.telegram.org/bot<YOURTOKEN>/setWebhookcurl -F "url=" https://api.telegram.org/bot<YOURTOKEN>/setWebhookKeep in mind that the URL parameter starts with https:// when setting a webhook. By default that means we’re knocking at your door on port 443. If you want to use another port (80,88 or 8443), you’ll have to specify the port in the URL parameter.
url=https://<YOURDOMAIN.EXAMPLE>:88/<WEBHOOKLOCATION>url=https://<YOURDOMAIN.EXAMPLE>:88/<WEBHOOKLOCATION>If you already have a verified certificate and our servers don’t trust your root CA, we have an alternative way for you to set a webhook. Instead of using the setWebhook method without the certificate parameter, you can use the self-signed method. Your CA's root certificate has to be used as an inputFile for the certificate parameter.
If you already have a verified certificate and our servers don’t trust your root CA, we have an alternative way for you to set a webhook. Instead of using the setWebhook method without the certificate parameter, you can use the self-signed method. Your CA's root certificate has to be used as an inputFile for the certificate parameter.
curl -F "url=https://<YOURDOMAIN.EXAMPLE>" -F "certificate=@<YOURCAROOTCERTIFICATE>.pem" https://api.telegram.org/bot<YOURTOKEN>/setWebhookcurl -F "url=https://<YOURDOMAIN.EXAMPLE>" -F "certificate=@<YOURCAROOTCERTIFICATE>.pem" https://api.telegram.org/bot<YOURTOKEN>/setWebhook
+Before you can do this, you need the root certificate of your certificate’s CA. Most CA’s supply their root certificates in several different formats (PEM/DER/etc.). Visit your CA’s website, and download the Root certificate indicated for your verified certificate.You can use these commands to quickly convert a DER formatted root certificate to PEM:
Using OpenSSL:openssl x509 -inform der -in root.cer -out root.pem
Using OpenSSL:
+openssl x509 -inform der -in root.cer -out root.pem
Using Java keytool:keytool -import -alias Root -keystore YOURKEYSTORE.JKS -trustcacerts -file ROOTCERT.CER
The root certificate needs to be imported in your keystore first:keytool -exportcert -alias Root -file <YOURROOTPEMFILE.PEM> -rfc -keystore YOURKEYSTORE.JKS
Using Java keytool:
+keytool -import -alias Root -keystore YOURKEYSTORE.JKS -trustcacerts -file ROOTCERT.CER
+The root certificate needs to be imported in your keystore first:
+keytool -exportcert -alias Root -file <YOURROOTPEMFILE.PEM> -rfc -keystore YOURKEYSTORE.JKS
Once done, set your webhook with the root-pem-file and you’ll be good to go. If you need more pointers, have a look at the self-signed part of this guide.
-Once you’ve crafted your certificate, your CA might present you with a nice bundle. Most bundles contain a root certificate, your public certificate and sometimes an intermediate certificate. StartSSL is one of many CA’s that’ll supply such an intermediate beast. This certificate has to be supplied in the chain of certificates you’re presenting to us when we connect to your server. If an intermediate was used to sign your certificate but isn’t supplied to our servers, we won’t be able to verify the chain of trust and your webhook will not work.
If your webhook isn’t working and you’re wondering if the chain is complete:
Here’s an example of a complete chain, note that in this case 2 intermediate certificates have been supplied.
Even though your browser might not complain when visiting your page, an incomplete chain will not work for your webhook. If your chain is incomplete we have some tips to add them to your current setup:
Apache:
Add the intermediate certificate to the end of the file configured in the SSLCertificateFile directive of your virtual host configuration. If you’re using an older version than Apache 2.4.8, you may use the SSLCertificateChainFile directive instead.
Apache:
+Add the intermediate certificate to the end of the file configured in the SSLCertificateFile directive of your virtual host configuration. If you’re using an older version than Apache 2.4.8, you may use the SSLCertificateChainFile directive instead.
Nginx:
Add the intermediate certificate to the end of the file configured in the ssl_certificate_key directive of your virtual host configuration.
Nginx:
+Add the intermediate certificate to the end of the file configured in the ssl_certificate_key directive of your virtual host configuration.
A quick command for doing this correctly:cat your_domain_name.pem intermediate.pem >> bundle.pem
Make sure the order is correct, expect failure otherwise.
A quick command for doing this correctly:
+cat your_domain_name.pem intermediate.pem >> bundle.pem
+Make sure the order is correct, expect failure otherwise.
Java keytool:keytool -import -trustcacerts -alias intermediate -file intermediate.pem -keystore YOURKEYSTORE.jks
Java keytool:
+keytool -import -trustcacerts -alias intermediate -file intermediate.pem -keystore YOURKEYSTORE.jks
The end result of all this is a complete certificate chain, backed by either a root certificate we trust or, in the case of an untrusted root, a root certificate you're supplying to us. Make sure to verify your setup again after adding the intermediate, once done, you're good to go!
-The end result of all this is a complete certificate chain, backed by either a root certificate we trust or, in the case of an untrusted root, a root certificate you're supplying to us. Make sure to verify your setup again after adding the intermediate, once done, you're good to go!
+Update examples
A set of example updates, which comes in handy for testing your bot.
Update examples +A set of example updates, which comes in handy for testing your bot.
Message with text using curl:
-curl --tlsv1.2 -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test",
- "username":"Test"
+-
+
Message with text using curl:
+curl --tlsv1.2 -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test",
+ "username":"Test"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test",
- "username":"Test"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test",
+ "username":"Test"
},
- "text":"/start"
+ "text":"/start"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" --tlsv1.2 will force using TLS1.2.
Message with text using Postman:
-Message with text using Postman:
More examples in curl:
+More examples in curl:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "id":1111111,
- "type": "private",
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Message with text:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "type": "private",
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "text":"/start"
+ "text":"/start"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "id":1111111,
- "type": "private",
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Forwarded message:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "type": "private",
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "forward_from": {
- "last_name":"Forward Lastname",
- "id": 222222,
- "first_name":"Forward Firstname"
+ "forward_from": {
+ "last_name":"Forward Lastname",
+ "id": 222222,
+ "first_name":"Forward Firstname"
},
- "forward_date":1441645550,
- "text":"/start"
+ "forward_date":1441645550,
+ "text":"/start"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Forwarded channel message:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "forward_from": {
- "id": -10000000000,
- "type": "channel",
- "title": "Test channel"
+ "forward_from": {
+ "id": -10000000000,
+ "type": "channel",
+ "title": "Test channel"
},
- "forward_date":1441645550,
- "text":"/start"
+ "forward_date":1441645550,
+ "text":"/start"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Message with a reply:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "text":"/start",
- "reply_to_message":{
- "date":1441645000,
- "chat":{
- "last_name":"Reply Lastname",
- "type": "private",
- "id":1111112,
- "first_name":"Reply Firstname",
- "username":"Testusername"
+ "text":"/start",
+ "reply_to_message":{
+ "date":1441645000,
+ "chat":{
+ "last_name":"Reply Lastname",
+ "type": "private",
+ "id":1111112,
+ "first_name":"Reply Firstname",
+ "username":"Testusername"
},
- "message_id":1334,
- "text":"Original"
+ "message_id":1334,
+ "text":"Original"
}
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"edited_message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Edited message:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"edited_message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "text":"Edited text",
- "edit_date": 1441646600
+ "text":"Edited text",
+ "edit_date": 1441646600
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Message with entities:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "text":"Bold and italics",
- "entities": [
+ "text":"Bold and italics",
+ "entities": [
{
- "type": "italic",
- "offset": 9,
- "length": 7
+ "type": "italic",
+ "offset": 9,
+ "length": 7
},
{
- "type": "bold",
- "offset": 0,
- "length": 4
+ "type": "bold",
+ "offset": 0,
+ "length": 4
}
]
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Message with audio:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "audio": {
- "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
- "duration": 243,
- "mime_type": "audio/mpeg",
- "file_size": 3897500,
- "title": "Test music file"
+ "audio": {
+ "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
+ "duration": 243,
+ "mime_type": "audio/mpeg",
+ "file_size": 3897500,
+ "title": "Test music file"
}
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Voice message:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "voice": {
- "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
- "duration": 5,
- "mime_type": "audio/ogg",
- "file_size": 23000
+ "voice": {
+ "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
+ "duration": 5,
+ "mime_type": "audio/ogg",
+ "file_size": 23000
}
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"message":{
- "date":1441645532,
- "chat":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Message with a document:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"message":{
+ "date":1441645532,
+ "chat":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "message_id":1365,
- "from":{
- "last_name":"Test Lastname",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+ "message_id":1365,
+ "from":{
+ "last_name":"Test Lastname",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "document": {
- "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
- "file_name": "Testfile.pdf",
- "mime_type": "application/pdf",
- "file_size": 536392
+ "document": {
+ "file_id": "AwADBAADbXXXXXXXXXXXGBdhD2l6_XX",
+ "file_name": "Testfile.pdf",
+ "mime_type": "application/pdf",
+ "file_size": 536392
}
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"inline_query":{
- "id": 134567890097,
- "from":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Inline query:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"inline_query":{
+ "id": 134567890097,
+ "from":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "query": "inline query",
- "offset": ""
+ "query": "inline query",
+ "offset": ""
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"chosen_inline_result":{
- "result_id": "12",
- "from":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Chosen inline query:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"chosen_inline_result":{
+ "result_id": "12",
+ "from":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "query": "inline query",
- "inline_message_id": "1234csdbsk4839"
+ "query": "inline query",
+ "inline_message_id": "1234csdbsk4839"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
+}' "https://YOUR.BOT.URL:YOURPORT/" curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
-"update_id":10000,
-"callback_query":{
- "id": "4382bfdwdsb323b2d9",
- "from":{
- "last_name":"Test Lastname",
- "type": "private",
- "id":1111111,
- "first_name":"Test Firstname",
- "username":"Testusername"
+- Callback query:
curl -v -k -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
+"update_id":10000,
+"callback_query":{
+ "id": "4382bfdwdsb323b2d9",
+ "from":{
+ "last_name":"Test Lastname",
+ "type": "private",
+ "id":1111111,
+ "first_name":"Test Firstname",
+ "username":"Testusername"
},
- "data": "Data from button callback",
- "inline_message_id": "1234csdbsk4839"
+ "data": "Data from button callback",
+ "inline_message_id": "1234csdbsk4839"
}
-}' "https://YOUR.BOT.URL:YOURPORT/"
-That's all we have for now!
+}' "https://YOUR.BOT.URL:YOURPORT/"That's all we have for now!
+How to create styled text with message entities
Telegram allows mentioning other users in case of urgent duckling matters, and quickly navigating to those mentions in order to read them as swiftly as possible.
+Telegram allows mentioning other users in case of urgent duckling matters, and quickly navigating to those mentions in order to read them as swiftly as possible.
+Message entity representing a user mention: for creating a mention use inputMessageEntityMentionName.
diff --git a/data/web/corefork.telegram.org/method/auth.sendCode b/data/web/corefork.telegram.org/method/auth.sendCode index a8b061697e..397eaab40f 100644 --- a/data/web/corefork.telegram.org/method/auth.sendCode +++ b/data/web/corefork.telegram.org/method/auth.sendCode @@ -153,6 +153,11 @@| Code | +Type | +Description | +
|---|---|---|
| 400 | +CHANNEL_INVALID | +The provided channel is invalid. | +
| 400 | +TOPIC_ID_INVALID | +The specified topic ID is invalid. | +
How to fetch results from large lists of objects.
diff --git a/data/web/corefork.telegram.org/method/channels.getForumTopicsByID b/data/web/corefork.telegram.org/method/channels.getForumTopicsByID index 1524f65c81..42b3dec8b1 100644 --- a/data/web/corefork.telegram.org/method/channels.getForumTopicsByID +++ b/data/web/corefork.telegram.org/method/channels.getForumTopicsByID @@ -82,6 +82,33 @@| Code | +Type | +Description | +
|---|---|---|
| 400 | +CHANNEL_FORUM_MISSING | +This supergroup is not a forum. | +
| 400 | +CHANNEL_INVALID | +The provided channel is invalid. | +
| 400 | +TOPICS_EMPTY | ++ |
| Code | +Type | +Description | +
|---|---|---|
| 400 | +INPUT_CHATLIST_INVALID | ++ |
Telegram allows creating forums with multiple distinct topics.
+Telegram allows creating forums with multiple distinct topics.
+Groups can be associated to a channel as a discussion group, to allow users to discuss about posts.
diff --git a/data/web/corefork.telegram.org/method/messages.getBotApp b/data/web/corefork.telegram.org/method/messages.getBotApp index e10c036040..f1d2c7ce33 100644 --- a/data/web/corefork.telegram.org/method/messages.getBotApp +++ b/data/web/corefork.telegram.org/method/messages.getBotApp @@ -99,7 +99,6 @@Telegram clients must handle special tg:// and t.me deep links encountered in messages, link entities and in other apps by registering OS handlers.
diff --git a/data/web/corefork.telegram.org/method/messages.getChatInviteImporters b/data/web/corefork.telegram.org/method/messages.getChatInviteImporters index 4833f13b8a..d2e7a182e1 100644 --- a/data/web/corefork.telegram.org/method/messages.getChatInviteImporters +++ b/data/web/corefork.telegram.org/method/messages.getChatInviteImporters @@ -124,6 +124,11 @@| Code | +Type | +Description | +
|---|---|---|
| 400 | +MSG_ID_INVALID | +Invalid message ID provided. | +
| 400 | +USER_ID_INVALID | +The provided user ID is invalid. | +
Telegram allows users to react on any message using specific emojis, triggering cute lottie animations.
diff --git a/data/web/corefork.telegram.org/method/messages.requestAppWebView b/data/web/corefork.telegram.org/method/messages.requestAppWebView index 56c032aaf1..f9a0834cb3 100644 --- a/data/web/corefork.telegram.org/method/messages.requestAppWebView +++ b/data/web/corefork.telegram.org/method/messages.requestAppWebView @@ -108,7 +108,6 @@Telegram clients must handle special tg:// and t.me deep links encountered in messages, link entities and in other apps by registering OS handlers.
diff --git a/data/web/corefork.telegram.org/method/messages.sendEncryptedService b/data/web/corefork.telegram.org/method/messages.sendEncryptedService index 365fc5e6f0..f248a9a95c 100644 --- a/data/web/corefork.telegram.org/method/messages.sendEncryptedService +++ b/data/web/corefork.telegram.org/method/messages.sendEncryptedService @@ -114,7 +114,7 @@| Code | +Type | +Description | +
|---|---|---|
| 400 | +CHAT_ADMIN_REQUIRED | +You must be an admin in this chat to do this. | +
Telegram allows importing messages and media from foreign chat apps.
diff --git a/data/web/corefork.telegram.org/method/messages.uploadMedia b/data/web/corefork.telegram.org/method/messages.uploadMedia index fc27f97511..477d173dd7 100644 --- a/data/web/corefork.telegram.org/method/messages.uploadMedia +++ b/data/web/corefork.telegram.org/method/messages.uploadMedia @@ -140,6 +140,11 @@From the standpoint of the high-level component, the client and the server exchange messages inside a session. The session is attached to the client device (the application, to be more exact) rather than a specific websocket/http/https/tcp connection. In addition, each session is attached to a user key ID by which authorization is actually accomplished.
+From the standpoint of the high-level component, the client and the server exchange messages inside a session. The session is attached to the client device (the application, to be more exact) rather than a specific WebSocket/http/https/tcp connection. In addition, each session is attached to a user key ID by which authorization is actually accomplished.
Several connections to a server may be open; messages may be sent in either direction through any of the connections (a response to a query is not necessarily returned through the same connection that carried the original query, although most often, that is the case; however, in no case can a message be returned through a connection belonging to a different session). When the UDP protocol is used, a response might be returned by a different IP address than the one to which the query had been sent.
There are several types of messages:
Error 429 (transport flood) is returned when too many transport connections are established to the same IP in a too short lapse of time, or if any of the container/service message limits are reached.
Error 444 (invalid DC) is returned while creating an auth key, connecting to an MTProxy or in other contexts if an invalid DC ID is specified.
Transport obfuscation is required to use the websocket transports.
+Transport obfuscation is required to use the WebSocket transports.
Transport obfuscation to prevent ISP blocks is implemented using the following protocol, situated under the MTProto transport in the ISO/OSI stack, see the recap; this means that the payload is first wrapped in the MTProto transport envelope (all transports are supported), and then obfuscated:
Prior to establishing the connection (and eventually sending the protocol header of a specific MTProto transport), a 64-byte (512-bit) random initialization payload is generated.
During the generation process, special care must be taken in order to avoid a situation where that the first int (first four bytes) of the random string are equal to one of the known protocol identifiers (see above).
diff --git a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
index efd6c18e11..f0454d16a0 100644
--- a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
+++ b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
@@ -53,9 +53,9 @@
Sent payload (excluding transport headers/trailers):
-0000 | 00 00 00 00 00 00 00 00 54 BC 00 00 FF 9A 9E 64
-0010 | 14 00 00 00 F1 8E 7E BE DA 60 3B 0B 6C 74 D6 0E
-0020 | C9 4A 04 D8 3A F2 02 7D0000 | 00 00 00 00 00 00 00 00 A4 55 01 00 ED 11 BD 64
+0010 | 14 00 00 00 F1 8E 7E BE 7A 1F FF 53 21 A4 04 32
+0020 | 84 F5 F3 02 41 19 D9 50Payload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;| message_id | 8, 8 | -54BC0000FF9A9E64 |
+A4550100ED11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Random number |
| message_id | 8, 8 | -016463C2FF9A9E64 |
+01A0BF74ED11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| message_length | 16, 4 | -50000000 (80 in decimal) |
+C0000000 (192 in decimal) |
Message body length | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| server_nonce | 40, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Server-generated random number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pq | 56, 12 | -081D0306D78C292A69000000TL byte deserialization => bigendian conversion to decimal => 2090522174869285481 |
+08289920606C461C09000000TL byte deserialization => bigendian conversion to decimal => 2925405031459331081 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| %(Vector long) | +%(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema | @@ -208,22 +208,22 @@|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pq | 4, 12 | -081D0306D78C292A69000000TL byte deserialization => bigendian conversion to decimal => 2090522174869285481 |
+08289920606C461C09000000TL byte deserialization => bigendian conversion to decimal => 2925405031459331081 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| p | 16, 8 | -044256A217000000TL byte deserialization => bigendian conversion to decimal => 1112973847 |
+0461EFF017000000TL byte deserialization => bigendian conversion to decimal => 1643114519 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| q | 24, 8 | -046FF4E77F000000TL byte deserialization => bigendian conversion to decimal => 1878321023 |
+046A1EC8DF000000TL byte deserialization => bigendian conversion to decimal => 1780402399 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| nonce | 32, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| server_nonce | 48, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| new_nonce | 64, 32 | -0E6358A884417C48A881CDB244E1CE7D 3FF7C4E44E381039EFDCE25766F48CE4 |
+6CA1C689075B8C4600AE538FC7FC25EB 2FA6AEB27C98DA611637330459E7262B |
Client-generated random number | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| message_id | 8, 8 | -9CA00900FF9A9E64 |
+64710400ED11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) | |||||||||||||||||||||||||||||||||||||||
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||
| server_nonce | 40, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 | |||||||||||||||||||||||||||||||||||||||
| p | 56, 8 | -044256A217000000TL byte deserialization => bigendian conversion to decimal => 1112973847 |
+0461EFF017000000TL byte deserialization => bigendian conversion to decimal => 1643114519 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||
| q | 64, 8 | -046FF4E77F000000TL byte deserialization => bigendian conversion to decimal => 1878321023 |
+046A1EC8DF000000TL byte deserialization => bigendian conversion to decimal => 1780402399 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding | |||||||||||||||||||||||||||||||||||||||
| encrypted_data | 80, 260 | -FE000100978CD0DA71C89E58D5DD3A36 9FD23C91CDF29AE8DEF7D7FADC5303F2 D7D0BF676E6408C20F9888167525245E 891B2884D4894406FD34D0A3739BB89D 8BEFC5982F4CE7D899CAD65156931C80 48627A86C3549183D914CFFBCB3B39E2 B719B1F243CEFBFEEB8E5EBCD0C34377 2500D27BA8CEB80A46FA4EEBD88435FD F979DF40938AC43C6947D55F7C313012 2D5D90BAA23C03CDBD5EEDDF9D1F0D46 054856E3A3F4A86E9BE4FF61E80FA560 6A9A0D1F797DE334D6DE845B71C48544 A5AC2ECEFC92F0194789C66085F6DBC1 D81E6674A8CDAC6D1911BAEAE1279133 C162A4091E04B85732AEBEC304C17DCD 5A8637413EC2CAE8B00A06A2121179D4DBAACBB7 |
+FE0001008A2A79C21D9784430CEF751E 4A40E5D5164F7FB8359E8AC36124DD9B 62F67C90F461D7430A775B4F7CE86695 EC96184E27A068E467F15DADB39811EE 6B2D4FF09214E8464D15AFA5B041AD2C 63A5DC4998483C0B8613F861F6418CB5 747037186FCDB931024825C624468745 C211F6411E1FAD46AF894557658CE235 E1E2D0CFFE775BBC4B67420ABB5E39D0 C4D662A9D40A5C0DEA36AC79B95187C0 C4116D05C1F5C103735ADA2F61ECB182 FAB923B941D2129268DF31C6C9648AD8 EE23E64A6CE497C385EC5C29B55BCB4D 6535DFED8120F0DF56465AA0DC5B47DC 4459C9C586E373A527594CA7B2766527 91C513E36AED4110E5CF2A925AAC1F5B4C6D57F9 |
Value generated above |
| message_id | 8, 8 | -0198C250009B9E64 |
+01C4B10BEE11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) | |||||||||||||||||||||||||||||||||||||||
| message_length | 16, 4 | -78020000 (632 in decimal) |
+A4020000 (676 in decimal) |
Message body length | |||||||||||||||||||||||||||||||||||||||
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||
| server_nonce | 40, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 | |||||||||||||||||||||||||||||||||||||||
| encrypted_answer | 56, 596 | -FE500200A0352CC087EA1E380820F7C9 4661883208B6F39D47BADA5DC72B94D7 22F6F7C4194BD256B0754FBD65E2C2CA 6428AB697A3CD2255C3C28967A0B833C 1B51C9D573F2DEBCB9AE8EBF03F6C863 557D44027F39608B2CA02FC98FEFCD0C 1F315495E7ECC8B17A3347D66CFDE035 3DE7EB421FE063B0C2E485DC3EF6EB7B AE574B21DDDBF7D273BFD08B0A17CFB9 340DD2C9C4B6FFF24E02DE473222D086 9ED1A22EC6593F3A6EB655072ACAB454 DC1733A8BA64A2FAFCB9679D8F1A4320 4CBBF359605AFBA77F4F4B8986D8A84B 357683380978BB66F7158C5A89ED75B1 07998E89516DD933DEDE35D2FA4F53DF 4929541B4526FB1349381F96A857EEFB 9DF26584FF516FD06B2367960A4E386D 7DFA067E603041DB1ABD274828BD3D5F B7436DB2B1C25D8105F2108A48AE0BF4 196524E683EC10CC3AB8CD58358C02AC 41D926FF1ECD4A5F1936986BC97321BD 4C88ED7B5F094B1E70B72B5EFC1D86E9 824305195235F0E066F2DFA0BBD2488C C88BB57AC7895959CB1AFEBFB036FB92 00E844D26031A14ABBF518B0893AFA4C 29D7B06C690D5A7FD316CC920817D45E 7EFEBFEBB589BA99F4104093296E9999 B09EA66A72679ADDBACEC363D150E16D FB8D51C46E19505DC1539732DDD3CFF3 51BDCEB28AD3793C0DA308D12A313BD7 D266BBBA88765E20F339220858439768 072F26C4ABECCE48A5F899C526E5266F 7A4A4EF2F3B08B5F53AB6B4590F9E0DF 8B441005C80CE472E26831F864E0A9CE 06C9DFFEC4E6013A26B823A83BA4643D 5FDDB6DEEAF75DA30C87ABFE29F471DD 827B399C6EC59D98CEEE1FD430196395885FDBF9 |
+FE500200A388648CD5DA2B142328E2B5 A9A7884BAD7E839668D1293EE31351F6 2C682A7F57E1736E0B9B546CFE896B13 225E79256F4F2294EF95DE2D1CC0023B 2CE2376E39C76743F2B9AB7522B6DE54 F56FE3EC902974D1B824D1D9D2BF23FC F3086640D3E69BF13816BE72DE3671FE 80D61C6C3AD33708F6FF83DE4CE6D732 B6D41B31DCB6F3037A582984C3DF6B8B BEBA8716C451F26233C5D91BF7A85E2E A7C3E1A540F059C3F49A5631AD049227 CD5C234E86155D2B9AC45B5CCE995C85 4B8805CF4C833BBFFAE049B728F8ABCD 8B2B85941A4258915DADA8E02FB26BA7 7A1EB9D4FC64C3B50671DAA107F2BB3A B72B2F4E13BA2D404AAD5538DC164939 E8BD33A8533901C05AC8E20B70B7B87A 8811A78738FF0277B15785330C351EF6 97968F1F8CE754CCDD86127ED167835C 9BAF23D78E4C49E181751D49BD842B8C 858560FB1DA0D424431F40391BC11631 E1085DA2B036134369AD9CA19D6F5130 FABA5AEAF4FDB20B19DB3F951F0215A3 64C20F092D701F3DD09D24263800AAA4 666123EB55C9CBB1C36DAB843AD2A988 BE119773EE760D7E9F2C9AA4BBAD3844 197C431BFEEC91339208D41DA5BA2BEE 4543DCFEA6849E24CCE5CB90132ACC47 5BEF842A61CDDF76E8BFB9DB3060D885 040C41FD20A9F6CC72A09E8DF3C5FC54 4259796906048F83A0C0BAB4B8EA6E42 1E5B4A2F3C1EA19EDA720D983CA2D310 0A43890640E31808392F375C602CC47F 39A8DDEE811A7D286D9D6DA8F687FADC 9F81E52C9D4213788678D4477330AA0A 6B04DC05D7DF5A8D6EFC755270ACBC90 D2DA3673BA1A2F4AF5ED02868773170E8B5A63C6 |
See below |
| nonce | 4, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||
| server_nonce | 20, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 | |||||||||||||||||||||||||||||||||||||||
| g_a | 300, 260 | -FE00010035D6639175B1FF6E0AC40189 370B3067AF8D52CEA7087E49E01707B5 E6112CB33327267BD526CDCD1E971B04 88E8C93510E86049B25F640170B02BDE 609E83050E5FAB0654C03837E7832018 152B11928E0F2E4C3327DBE2717E123C C5994EA0A6034CED7EAD34D99CA90D89 40B2065897EBF617B9B1662E682053CD C75A31FD6D7B27B1B8FE868C8139752A 4848A5493DFC71477009E0653D185051 A7D6F6C3A59C2A89EC8B9BCDD87CB849 893D709261D690E3843565DEB19B76B2 1FB8A0A28DE3BEA19869F1D73346909D 17666F94778077C599761176248536A8 BB944F4F73C366BF70A04D13326D2279 99E146C830A473FC9B1F3525263FE30B7D82C2B7 |
+FE00010058E1620D6674A2157FDB3E66 73F00386E2344EEFABCE42C02CCD18FE 7956945231BCFB649AD7DFBF69A59E39 F0EAB71ED41D4EFE0B50E2AA83AA7FE0 DAD6F0EC201870018B03E43D0A3D935B 68B6C2094C63067674814889A48D693C CC539F1E7903466ECB3B483530D5AA25 C6513AF4645AAAD8CCB0575491507805 8B4632C74C7ED016E8F7B6F3B0652F70 9DF778AD295D0814E1EBCDE345334268 07A9EA10155E0B11938223B501A6BAE2 E1B1F468E2626A2351BACAC6C7B4191F 9C58982A2F8D9F42669762212CB5F887 6BDE5C93D63E7337D1927B213474AD9F 00476A65D0B500ACB9A7A35C83AB0BC5 B83A2BDABC959F8D649AE2E5B77997DEF7A9652B |
g_a diffie-hellman parameter |
|||||||||||||||||||||||||||||||||||||||
| server_time | 560, 4 | -009B9E64 (1688115968 in decimal) |
+EE11BD64 (1690112494 in decimal) |
Server time |
| nonce | 4, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 | |||||||||||||||||||||||||||||||||||||||
| server_nonce | 20, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 | |||||||||||||||||||||||||||||||||||||||
| g_b | 36, 260 | -FE0001002545CE89DAD14BDF0F1E2E34 F366124474E221B5C2019CF5240612B8 1798311E9ED33201DE78EA34B59DC015 1E4CF820DEEC3850E1B08114B7599A1C 99F28A85234ABCF8DC8BE8AB0CD1019E C56AB7BB2E05F07B7656338BE254ABB2 F45AD42A86848E602B04A6B9CC926278 0D4F87505A8B17191F53E72BDB00AB29 0B76810EB15C873183D72EC3D2CB411C 3F4BDC7944E1CABF5571B152F7FC3CA1 DA470977329DC49854BA62A85AE7645F ECBD8183B5A4AAD06DFC56D4BA6106F8 1A45BEF32A9E4F56A213FB2A027B3ACD FDDDE6A6D57E68352C82F7C0D2108FC0 10725929CB7C88EE737F7B498D86134C 7C7F2626F0357067A07813C0D3F2C86876CC1FF1 |
+FE000100AA82DBBD312351768B5F124A DFB02652BEE2FAF1F8FFC91AA6B0345E 298872140BF61EFEC9CD11766ED91EF0 1F344035594C892977E472381070EBC0 B7C7892928EA191C7540DE70A25AB892 6787C0204DB502269A22DF61B19CD106 CBD7AFEB48CB5DD797A1FFD2BBE9EA1B F799122792F96B5D1F10E5E7DD0A5F5C 8AA09A3AA56B15CCA0F4D3CDBD9FB4AD D433FC63864D14131172AABD7F7835D0 419525EC50BBB849F90EDDB0A979603B 7DD896AEB4F5D52F4FDA5893250285C2 CDFB60480F3D09BBD5D32DB68A565AAB AE4042AA10173EF78DE1445897282AD6 CE3F8CBFDF8F0D7A9F95EB171BFC8A3A 009DAA20FAE28E5C0C165D2E4305DD7450E19CA5 |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding | |||||||||||||||||||||||||||||||||||||||
| message_id | 8, 8 | -E8300F00009B9E64 |
+7CF40900EE11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 |
| encrypted_data | 56, 340 | -FE500100E3B5716AC2E86342AD2E8C7B 75FD17C713CE5C8559659F8301258D63 D9101D1DB99EA9C1909315495C8776FD 7885CA40AB860F38C8BD946F90CCEC63 F3ED2A5A8F06F4E45BFDD0CC4A626AF7 4C299623B64E8E384BB7A66C36483EA6 67CE513FB5C2B9C7C635206E824F6BFC 45A259CE0692745EBF3FDE3DEE350903 FC0E2FF821DAECDF333B23F77866A444 E2AC3B1BC8CC2EA38D4C2C3FF375FF70 CFAF76E35BE863D54969CF4A887C8D62 23874017B4B509CF3DE096E288512FBE F295D4DE4CC3CA6EAEA779B07100D8CC 9E2EF7A6B40575CCC5EC93E32E7F8E4F D7332737F3B179573B4BEC13ABD868CC 06A725ECFFC29494FE6AFFD3CEF2DE94 681D4A3F19DDE0CF9BB0F13974443EA0 4D6CE173E0655BAFC847B5D55393BE98 2E00903B557B61FB38F15A88CADA345B C8B7820BB1C051C0A8B13AE70A5479E8 7D6BCA8A7AA73C306AF0FACD6760C566014DE790 |
+FE500100E2E97CCBFC703FEB7A5C71C4 9B7649000C524EAA6DEBD9AE571B812F E10630D72AA1B5962057DEAD590AC00B 0FF26851972BE0877D958E5245E6E091 BDD648F2E06774BDECA6B32D6A75CF3C 6A818245108EA00B1C54A537E1360A62 7515B9B4C66C2F653004DE0B00BB6A66 D66F5A2A8784F1B4E15E9363CE3B7113 22F96EF48768899CFDC7D7DE0161A0C9 BD98743AD2933871F030830B19AB065C CAB55D395415D7C7E34ADDA5D24A46B5 79434E95649925E67578134010F2C4B9 952FC14BBDE42536DE735AA16C775AD6 821BCB2624A20D9144E560ACB228E7AB B33AEFA254C6E0AEBDE86DE109B8CC92 E484D0FD3922EC0E767ACF5AC5FD8F2A 8C6825590BECD9A89580EDACCFF7BB45 40D1EFD6F19C4C2432C7C8316F33CB18 0BE33E2B2E3DE65A4C2B02FAD0CE83D4 894E283E2588C4B49AF451156B119AF4 5811F6FE8C26C0FB7B9D8B7FC811D78FEE70FA42 |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
| message_id | 8, 8 | -01848C9F009B9E64 |
+01182655EE11BD64 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| nonce | 24, 16 | -DA603B0B6C74D60EC94A04D83AF2027D |
+7A1FFF5321A4043284F5F3024119D950 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | -8C0C719D738B757866BA31F7EF439739 |
+AECF0E9BD389174E9AE75DCB0D3C7DC6 |
Value received from server in Step 2 |
| new_nonce_hash1 | 56, 16 | -B091C677C6996C09FF59F2F9AB281678 |
+BA1AA4971D499BB8575C328B339D8E0A |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |
| messageEntityMention | -Message entity mentioning the current user | +Message entity mentioning a user by @username; messageEntityMentionName can also be used to mention users by their ID. |
||
| messageEntityHashtag |