error_code":401 when give chat_id - telegram-bot

I am trying to get my chat_id for my telegram channel. Bot I get this line error:
{"ok":false,"error_code":401,"description":"[Error]: Unauthorized"}
My Channel Name is: MyName
My link is: https://telegram.me/MyNameIsChannel.

The first and the main reason of the problem is that I'm using my telegram on a phone only and have to type the token manually on a Laptop keyboard. That was the case. No firewalls, no extra installation (of some software) was a reason but a SIMPLE TYPO. Better just COPY&PASTE the token whatever way you can.
Don't forget about the "bot" suffix and upper/lowercase letters also do matter.
I've spent so many time for googling/troubleshooting and in fact it was a simple typo.

Looks like you aren't passing your bot's token to the query.
If your channel is public with username #MyNameIsChannel and your bot's token is AAAAA, then you should make this request to find out channel's id (just send any message and watch chat_id in reply JSON):
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?text=Hello&chat_id=#MyNameIsChannel
Please check beforehand that your bot is admin of that channel.

Try obtaining the ID of this channel. Usually, the API requires the ID of the channel as string.
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?test=Hello&chat_id=YourIDhere
Would become
https://api.telegram.org/bot147772105:AAEGOblbPGiU9Hfoy7wVFt0bVfJsdO3iis4/sendMessage?test=Hello&chat_id=-123456789123
(Most channels and groups have a - sign at the beginning. Make sure you'll copy it to make it work nicely.)

Related

How to change Telegram Bot settings knowing only the token

Someone set up Matterbridge to transfer the contents of a Telegram channel into a Mattermost channel. To do this, they created a Telegram bot.
Unfortunately, the person has disappeared (Covid?), and we don't have full details of the account used to set up the bot.
We do have the Bot Token (from the Matterbridge config file).
Is there any way we can find out more about the bot, change its settings, join it to other channels, etc?
A bot's token allows you to do anything the Bot API is capable of doing. You can check a list of available methods here https://core.telegram.org/bots/api#available-methods.
"Is there any way we can find out more about the bot"
Some limited info, yes. Try calling https://api.telegram.org/botBOT_TOKEN/getMe and /getWebhookInfo.
You might be able to get a webhook url - in case it was set up to use one.
"... change its settings"
Rather not. You'd need access to wherever the bot is hosted. It's not possible to tell exactly without knowing how the bot works. But anything specific found within the bot's processing script/program will not be accessible to you.
"...join it to other channels"
Yes. As answered here. Though it may not be useful to do. Depends on how the bot is set up to work.

Identifying the Telegram-Bot-Owner not possible?

I am currently implementing a telegram bot that needs to differentiate between the one that owns the bot - meaning the one who has been provided with the bots credentials - and all other users chatting with the bot.
I am using webhooks and from what I can see, there is no parameter provided in the message object, that I could use to identify this relationship. Parameter like surname, lastname are not sufficient as they are ambiguous and the #username is not provided at all.
One could use the chat-id, but I cannot see any API Call that would offer userData ..
Any ideas ?
BR Andre
Using python, save your (admin) chat.id to a config file, then compare it via chat.id from incoming message entity.

Is there any way to get a Bearer token now, since Robinhood has changed the API again?

We keep playing this cat and mouse game with Robinhood.com. I have a trading app which used to trade stocks with Robinhood, but they keep changing the unsupported unofficial API to make it difficult for traders to use. I know that many people are doing the same thing and I want to reach out to them to see if there is a new answer. The latest problem is when I try to get a Bearer token using the URL https://api.robinhood.com/oauth2/token/ the API returns the following JSON: {"detail":"This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."}. This started happening on 4/26/2019.
Has anyone found a work around for this, yet, or have they finally beaten us into submission?
A more complete solution (not need browser):
Use requests.session.
Obtain the login page by making a GET request to "https://robinhood.com/login".
At this point the session's cookies will contain 'device_id'.
Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email").
This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code.
Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object.
Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request.
Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID.
You can reuse a device_id with user/pass after this even after logging out.
Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.
Just got it working. At the risk of them seeing this post and changing it more, here we go:
First, you're going to want to log into your RH account in a web browser
View Source on the page, and look for clientId - it should be a big hex number separated by dashes
Add that number to your POST requests to /oauth2/token under the field device_token
There's probably another way to retrieve the device token, and I'm not even sure it's unique, but that way should work.
Good to be back here after a very long time.
Not sure if anyone is still looking for answers to this, but I have a very simple solution.
At Robinhood's login screen, enter your username/email and your password, press F12 on your keyboard to bring up the console panel and switch to the "Network" tab then wait for the page to load completely. (During this time you will see a list of items being loaded rapidly depending on the connection speed.)
At this time you can keep clearing the list by clicking on the button highlighted in the below image.
Click on button highlighted repeatedly until the list is empty
Now, log into your Robinhood account. At this point your console should display a list similar to the one shown below.
Look for the name "token/", most likely it will be the second one you get all the information you need. And this information will be under the Headers then Request Payload
I was able to find this with past knowledge and experience of web scraping for fun. And also, I needed to know this as well, since I recently started doing trades via Robinhood.
Hope this help you curious ones out there.
For my Robinhood account I am using Google Authenticator for my 2FA. What I have so far is that I send the original call that I was sending before to https://api.robinhood.com/oauth2/token/. This is giving me a response of:
{"mfa_required":true,"mfa_type":"app"}
I then repeat my oauth token request, but this time providing the value from Google Authenticator (so my GUI has to prompt me to fill it in) with this payload in the request to https://api.robinhood.com/oauth2/token/:
{"grant_type":"password","scope":"internal","client_id":"c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS","expires_in":86400,"device_token":"***","username":"***","password":"****","mfa_code":"***"}
and then I am getting an access token in reply

Telegram Bot getChat method on channels using integer id returns old details

we have a web application,user add our bot in his/her channel as admin ,and can do some stuff from web app(e.g posting/editing items with markup buttons..etc),our app is heavily based on channel integer chat_id (example: chat_id=-1001006616144) instead of (#username ),everything works fine...the problem is :
when the channel owner change the channel username (e.g #foo to #bar) ,the robots getChat method still returns the old channel's username (#foo) IF i pass the channels integer id (e.g: -1001006616144) ,although there is no channel with username #foo anymore
but this does not apply for changing channels title,i mean if the owner change the channels title,the getChat (with integer id as parameter ) method instantly returns the updated channels title (and username)
i need to use the integer chat_id because its constant during the lifetime of channel until its get deleted and my web app needs the updated #username and title as long as my robot is Administrator in the channel
is it some sort of bug?can anyone suggest a workaround for this so i can get the updated channels info (at maximum 12 hours intervals)?im using PHP BTW
This seems to be a problem with the Telegram Bot API itself. You must understand that the HTTP API your are talking to (api.telegram.org) ist just a proxy-like interface and is a regulat Telegram client too (just with a bot, not a user logged in). It is possible that the caching used there messed this up.
You should contact #BotSupport about this.
A workaround for this might be to use the unofficial PWRTelegram API. It can't guarantee the same uptime the official api has, but comes along with some cracy features.

Receiving data using GET with a RESTful API

I'm building an API. When requesting the data of a user this is shown to be the best practice to retrieve the data:
Requests user data with ID:
https://api.example.com/users/1
However it would be more convenient to requests user data with their email:
https://api.example.com/users/johnsmith#outlook.com
Is it safe to use the second method? Even if I was to use the first method, there is no way that a developer would know the ID for the user which they would like to request, so it would not be useful at all.
So is the second method safe? If not, is there a solution? Thanks.
As long as the ID is unique and parsable in the URI. The '#' would need to be encoded into a "%40". Other than that its fine, IMHO. If you have two different types of identifiers, like email and ID then you might want to allow a client to select which identifier to use
https://api.example.com/users?email=johnsmith#outlook.com
or
https://api.example.com/users?id=1
Here is some good literature for how to use filters in REST API's.
Passing email address in URL is not a good idea as it is non-public information. If you really need to go with email address then go with POST call or you can use id which is completely safe if you are using proper authorization at API end.