
How to safely transfer data from Telegram Mini App to Django+pyTelegramBotAPI without closing the app


I tried using WebApp.sendData, but it closes the app. I guess I should use POST to send data from the browser, but I don't know how to make the backend know the Telegram ID of the user whose Mini App sends this POST request.

I don't have any auth except authentication via Telegram. The app is launched via KeyboardButton.


Solution

  • The way Telegram has suggested:

    I've found these repos, which implement exactly what Telegram says in the documentation. But the backend is written in Go, so I didn't read it fully; you can check it out if you want:

    An alternative way (not one that Telegram suggested):

    • Create an inline button that will run your mini-app but with the JWT verification code inside query parameters.
    • Put user_id inside the JWT payload, the user_id you have in the bot service on request from the Telegram bot.
    • This token will be sent to the frontend and then to the backend for authorization. The backend will decode this token using the same SECRET-KEY you used to generate this JWT token. If it is decoded successfully, you can create the credentials for the frontend (client).

    You can always expand on this idea; it's just a different concept that should work, and I think it's secure enough.


    Also, here is an article, maybe interesting, maybe not :)
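
The JWT flow described in the answer above, as an added example that is not code from the original post: the bot side signs a token carrying `user_id`, and the backend checks the signature before trusting it. The function names, the constructed `SECRET_KEY`, and the short `exp` lifetime (added here because the token travels in a URL) are assumptions of this sketch; it uses only the Python standard library to build an HS256 token.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo value; assumption: the real key lives only in the bot and backend.
SECRET_KEY = b"constructed-demo-secret"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256)
    return b64e(mac.digest())

def issue_token(user_id: int, ttl: int = 300, now: Optional[float] = None) -> str:
    """Bot side: build the token that goes into the Mini App URL query string."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": user_id, "exp": int(now) + ttl}
    payload = b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Backend side: return user_id, or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        header, payload, signature = token.split(".")
        # Check the signature first; nothing in the token is trusted before this.
        if not hmac.compare_digest(signature, sign(header + "." + payload)):
            return None
        # Accept only the algorithm this service issues.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(payload))
        if not isinstance(claims["exp"], int) or claims["exp"] < now:
            return None
        return claims["user_id"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
```

The backend takes the user's identity only from `verify_token`, never from a `user_id` field in the POST body, since the client controls the body.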