Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
Can you help me understand the differences for Telegram API vs Bot API please, I tried telegram website but just get confused?
Thanks
Ramin
Telegram APIs
This API allows you to build your own customized Telegram clients. It is 100% open for all developers who wish to create Telegram applications on our platform. Feel free to study the open source code of existing Telegram applications for examples of how things work here. Don't forget to register your application in our system.
Bot API
This API allows you to connect bots to our system. Telegram Bots are special accounts that do not require an additional phone number to set up. These accounts serve as an interface for code running somewhere on your server.
You can create Telegram client apps with your own UI and environment using Telegram APIs (to communicate with Telegram server). like Plus, Telegram Web, Mobogram.
But the Telegram Bot API is not about the UI and environment. It's about the possible services in the Telegram platform. Then users communicate with your Bot and get any services via their original Telegram apps (or their Telegram Clients). Game bot, English Learning bot.
Related
I have a task to deploy a bot from a mobile application. The problem is that I need to make sure that the bot is not already hosted from some other source, in which case I do not need to do anything, but I did not find a way in the official documentation how to check if the bot instance is already running by token
I have seen some providers on internet where you can send Whatsapp messages using an API. Its not official WA API integration.
These providers will spawn a instance for you, show you a QR code. You need to scan the QR code in your WA app. Once scan is completed, that instance is added as linked device in your app.
Now they provide an API which you can use to send messages. API accepts instanceId, mobile number and message as query param.
These messages are send using your WA account and number. You can see those sent messages in your app.
Basically everything is happening from your account via web whatsapp but from a remote setup and using an API.
Here are a screenshot to help you understand what I am trying to convey.
Sample API call:
https://DOMAIN-HERE/api/send.php?number=84XXXXxxx&type=text&message=test%20message&instance_id=6XXXXXXXXXX&access_token=XXXXXXXXXXXX
I want to setup something similar. I searched the Internet on how does this work and how I can create my own similar setup but could not find anything.
Can someone please point me in the right direction.
What all these providers are doing is hosting a running instance of a whatsapp web client using your phone number, this is why they ask you to scan the QR code (same as whatsapp web does).
Users of this kind of services must be crazy to allow running an unattended instance of whatsapp against their own phone account, as on the host there's full access to your whatsapp encryption keys, contacts, history of messages,... but the security implications are for a different topic.
If you want to have a headless instance of whatsapp-web like the one they offer, you should have a look at repos like this one here: https://github.com/tulir/whatsmeow (there are others similar, for different languages).
As I understand, every WhatsApp chatbot interacts with users through WhatsApp but the actual backend is hosted in a server of its own.
I was wondering if there is any way to get information about this server or its API when interacting with the chatbot. I tried fiddling on WhatsApp web with the developer console, with the network tab, but it appears that WhatsApp does a really good job masking the core of the bots.
Has anyone had any luck getting information about WhatsApp chatbots?
Well from the question it's kinda already answered Meta uses just the response from the server from where the bot script is hosted after sending a webhook event to it so what you might be getting is gonna be info on the WhatsApp network... with the new Cloud API for WhatsApp business you could get more info on how the WhatsApp bot work
(https://developers.facebook.com/docs/whatsapp/cloud-api)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I'm working on a webapp that requires user account management and authentication. The users should be able to login to their account using different tokens - Email, Phone Number, Facebook id, Company account id etc. Same user might be using all of these different methods based on the entry point they choose to login.
From the backend, I should be able to retrieve the correct user account based on any of these tokens. Basically, multiple tokens (email, phone, facebook etc) should point to the same user account.
I have been looking into Firebase and Stormpath. From your experience, do you think Firebase or Stormpath are good options for me? I was wondering if there are good pre-build web solutions for this without re-inventing the wheel by myself.
Please feel free to suggest different web solutions and architecture tips.
Thanks for your time,
Iranga
Disclaimer: I work at Stormpath
Firebase is a platform/ecosystem for building web/mobile applications, and as such they offer an authentication and authorization solution. Building your app with them will require buy-in to their entire platform.
Stormpath is an authentication and authorization service that can be added to any type of application, regardless of where it is ran, where it is hosted, or what your fronted of backend is written in. Our API does allow you to manually link different types of accounts together, e.g. password-based accounts or social accounts. See Modeling Your User Base in our documentation.
We’re adding some support to make this easier and you can follow the Account Linking feature to know when this is available.
In sum: if you want an entire platform for your application, Firebase may be a good fit. If you prefer to maintain more control over your hosting (such as using Heroku to deploy your Nodejs application and have Postgres available), then Stormpath would be the better fit.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I am building an Android app - a key part of which will include integration with a server API. The app is just a side-project and I am really just looking for validation of my planned API security and suggestions of best practice and how other apps do it.
The application will be mobile only (to start with, no website) - I want to be able to create user accounts from the app, and once signed up, use the central web API to access/update secured user-specific content.
What I have started looking at is a basic hosted MVC web app (I'm JVM/Spring background, so will likely use those libraries, but the question here is tech agnostic) - the app will have no webpages and just expose a series of endpoints:
Publicly accessible POST endpoints to sign-up & sign-in
OAuth secured endpoints for user specific content (plus of course the normal OAuth dance endpoints needed)
Is that a reasonable approach? Does using OAuth make sense when I have control over the client and server sides?
I assume the official Twitter app just uses OAuth with its API that it exposes to other users? And Instagram was launched as mobile only platform at first, so I assume they must have had in app account creation & then some API security?
(I know there are further considerations/requirements - communication over ssl, protecting your applications oauth key from people de-compiling the application and then using the key in other apps etc, but really I just want some higher-level input if people have implemented these kind of systems before with success/problems etc)
Sounds good, but any token-based sessions would work. Don't store the credentials (at least not the password) on the device. Only store the token, which can be expired, and store it securely. Require HTTPS and use certificate pinning to prevent session hijacking.