I am currently implementing a telegram bot that needs to differentiate between the one that owns the bot - meaning the one who has been provided with the bots credentials - and all other users chatting with the bot.
I am using webhooks and from what I can see, there is no parameter provided in the message object, that I could use to identify this relationship. Parameter like surname, lastname are not sufficient as they are ambiguous and the #username is not provided at all.
One could use the chat-id, but I cannot see any API Call that would offer userData ..
Any ideas ?
BR Andre
Using python, save your (admin) chat.id to a config file, then compare it via chat.id from incoming message entity.
Related
Someone set up Matterbridge to transfer the contents of a Telegram channel into a Mattermost channel. To do this, they created a Telegram bot.
Unfortunately, the person has disappeared (Covid?), and we don't have full details of the account used to set up the bot.
We do have the Bot Token (from the Matterbridge config file).
Is there any way we can find out more about the bot, change its settings, join it to other channels, etc?
A bot's token allows you to do anything the Bot API is capable of doing. You can check a list of available methods here https://core.telegram.org/bots/api#available-methods.
"Is there any way we can find out more about the bot"
Some limited info, yes. Try calling https://api.telegram.org/botBOT_TOKEN/getMe and /getWebhookInfo.
You might be able to get a webhook url - in case it was set up to use one.
"... change its settings"
Rather not. You'd need access to wherever the bot is hosted. It's not possible to tell exactly without knowing how the bot works. But anything specific found within the bot's processing script/program will not be accessible to you.
"...join it to other channels"
Yes. As answered here. Though it may not be useful to do. Depends on how the bot is set up to work.
I have added my bot to a group chat, now for few commands I need to give access only to the group admin, so is it possible to identify if the message sender is admin of the group?
I am using python-telegram-bot library
When you use getUpdates, you can see .message.chat.type is group or not.
And then use getChatMember, .result.status should be administrator or creator.
It is absolutely possible. You can use the getChatAdministrators API method (returns a list of ChatMember) to get a list of admins for a chat, or the getChatMember API method (returns a single ChatMember) to get the admin status of a single user.
An efficient method to solve this problem is described here: https://github.com/python-telegram-bot/python-telegram-bot/wiki/Code-snippets#cached-telegram-group-administrator-check
No. You need to hardcode user id in your source and compare if user id in admin-ids array.
I have a chatbot running on a site and I'd like to be able to integrate flattr into it. It's built in Node and has no front-end, it just uses an API to interact with the site.
I'd like to be able to do something like this
note: all commands for the bot begin with "!"
!flattr #username to flattr a user
I understand this would mean people who want to either receive or give flattr would have to create accounts
Just looking for some guidance as to how to start this.
Here's what I'm thinking I need to:
Create an application, get Client ID and Secret, go through Oauth flow and get Bearer token. Including the scope for flattr thing in this process
How long are your tokens set to expire? Should be I updating this token often?
Then I guess I would just need to use the flattr thing api endpoint? Is a user considered a 'thing' in your api? Is the :id for a thing secret or can it be public without harm?
Does a user know their id or can they easily find it? Or would I need to use the Users endpoint to get that info? And does that mean adding an additional scope?
This is my ideal situation. In the chat all Users setup a flattr account and can connect the bot to Flattr by doing:
!flattr addme [flattr username] (alternatively they could use flattr ID if accessible)
then like I mentioned above, they can just use !flattr #[username] and that's it
thanks!
You do need API credentials but the ‘flattr’ scope should be enough.
You need to solve three problems, identifying users, authenticating users and then flattring URL:s (because the Flattr system only works with URL:s).
The later is easy, the best thing would be if your application/site provided a profile page for each user.
Something like ‘http://example.com/user/francisc0'. You would then just call the /flattr endpoint with that URL.
The response of the URL would either have to contain something that Flattr could use to ID the Flattr user or
you would have to pass the user id along with the flattr request. Read up on auto submit URL:s.
But in short, an auto-submit URL looks like
https://flattr.com/submit/auto?fid=abc123&url=http%3A%2F%2Fexample.com%2Fuser%2Ffrancisc0
In order to identify your users they need to have unique usernames on the chat (or something else that is unique that you are able to lookup from a username). Each user would also have to tell your application what their flattr id is.
This can be as simple as a input field where the user manually adds their id or you could fetch it from the API (look at the /user endpoint).
Now in order to flattr an URL your application (api client) needs to be authenticated as a Flattr user. As the Flattr user that typed the command “!flattr #username”. So my suggestion is that when a user wants to enable the ability to flattr on the chat you perform an oauth authentication for them and save the access token (they never expire btw).
When the user types “!flattr #username” in the chat you retrieve the access token for that user from storage and then send the flattr request as that user.
That should be it.
I did something similar for IRC a few years back and it worked great so it should work for your use case too.
Pro tips: Avoid using the /thing endpoints as they will be deprecated very soon.
The api documentation isn’t really up to date but that is also something that is changing very soon.
The user objects will soon include an ‘idv3’ attribute, use that as the user id instead of ‘id’.
Source: am Flattr dev.
I am trying to get my chat_id for my telegram channel. Bot I get this line error:
{"ok":false,"error_code":401,"description":"[Error]: Unauthorized"}
My Channel Name is: MyName
My link is: https://telegram.me/MyNameIsChannel.
The first and the main reason of the problem is that I'm using my telegram on a phone only and have to type the token manually on a Laptop keyboard. That was the case. No firewalls, no extra installation (of some software) was a reason but a SIMPLE TYPO. Better just COPY&PASTE the token whatever way you can.
Don't forget about the "bot" suffix and upper/lowercase letters also do matter.
I've spent so many time for googling/troubleshooting and in fact it was a simple typo.
Looks like you aren't passing your bot's token to the query.
If your channel is public with username #MyNameIsChannel and your bot's token is AAAAA, then you should make this request to find out channel's id (just send any message and watch chat_id in reply JSON):
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?text=Hello&chat_id=#MyNameIsChannel
Please check beforehand that your bot is admin of that channel.
Try obtaining the ID of this channel. Usually, the API requires the ID of the channel as string.
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?test=Hello&chat_id=YourIDhere
Would become
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?test=Hello&chat_id=-123456789123
(Most channels and groups have a - sign at the beginning. Make sure you'll copy it to make it work nicely.)
I'm building an API. When requesting the data of a user this is shown to be the best practice to retrieve the data:
Requests user data with ID:
https://api.example.com/users/1
However it would be more convenient to requests user data with their email:
https://api.example.com/users/johnsmith#outlook.com
Is it safe to use the second method? Even if I was to use the first method, there is no way that a developer would know the ID for the user which they would like to request, so it would not be useful at all.
So is the second method safe? If not, is there a solution? Thanks.
As long as the ID is unique and parsable in the URI. The '#' would need to be encoded into a "%40". Other than that its fine, IMHO. If you have two different types of identifiers, like email and ID then you might want to allow a client to select which identifier to use
https://api.example.com/users?email=johnsmith#outlook.com
or
https://api.example.com/users?id=1
Here is some good literature for how to use filters in REST API's.
Passing email address in URL is not a good idea as it is non-public information. If you really need to go with email address then go with POST call or you can use id which is completely safe if you are using proper authorization at API end.