Telegram WebApp User Verification

This repository contains Python code and tests for verifying the authenticity of users interacting with a Telegram Mini App. The core logic is based on Telegram's official guidelines for validating data received from Telegram.WebApp.initData.

---

🚀 Features

• 🔒 HMAC-SHA256 validation of the Mini App payload using the bot token
• ⏱️ Optional check to ensure the data is not outdated (auth_date)
• ✅ Unit tests to ensure the integrity of the verification logic
• 📦 Minimal dependencies, can be easily integrated (some of the code uses sanic-api, but can be rewritten easily)

---

⚙️ Getting Started

1. Clone the repository

git clone https://github.com/PhillMckinnon/telegram-verify-sanic-api.git
cd telegram-verify-sanic-api

2. Install dependencies

pip install -r requirements.txt

3. BOT TOKEN

remove the .example extension from the .env file,
Add your bot token into the .env file

4. Run tests

python -m pytest

---

✅ Test Coverage

• test_verify_valid_data: Valid data with a correct hash and timestamp
• test_verify_invalid_hash: Payload with a tampered or incorrect hash
• test_verify_missing_hash: Missing hash parameter in the data
• test_verify_expired_auth_date: Data with an outdated auth_date timestamp

---

📄 License

This project is licensed under the terms of the MIT License.

---

📫 Contact

For questions, feedback, or collaboration, feel free to reach out:

• 📧 Email: phillipmckinnonwork@proton.me
• 🐙 GitHub: @PhillMckinnon