Telegram Bot Token

ID

telegram_bot_token

Severity

low

Vendor

Telegram

Family

API Token

Description

Telegram is a globally accessible encrypted, freemium, cross-platform, cloud-based instant messaging service. The service also provides optional end-to-end encrypted chats and video calling, VoIP, file sharing and several other features.

Security

Any hardcoded Telegram Bot Token is a potential secret reported by this detector.

Accidentally checking the token in to a source control repository could compromise your Telegram bot.

Examples

def bot_private_sendtext(bot_message):
	### Send text message
	# Hardcoded bot token: this literal is what the detector reports
	bot_token = '628534909:AAHH8VJq7FJm4lZQ1Qwm61tlUgXVteCLzzo'
	bot_chatID = '293583438'
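The following scanner is an added example, not the detector's own code, showing how a hardcoded token like the one above can be located and reported without echoing the full secret. The token pattern (8 to 10 digit bot ID, a colon, a 35-character secret) is an assumption based on the sample on this page, and the names `find_telegram_tokens`, `redact` and `TELEGRAM_BOT_TOKEN` are hypothetical.

```python
import re

# Assumed format (not stated on this page): numeric bot ID of 8-10 digits,
# a colon, then a 35-character secret drawn from [A-Za-z0-9_-].
# The lookarounds stop a longer identifier from matching as a token.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])(\d{8,10}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])"
)


def redact(bot_id, secret):
    """Keep the bot ID and the first 4 secret characters for triage only."""
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def find_telegram_tokens(source):
    """Return (line_number, redacted_token) for each candidate in source text."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append((line_no, redact(match.group(1), match.group(2))))
    return findings


# Sample input: the hardcoded-token snippet from this page, plus constructed
# lines that must not match (an environment lookup and a too-short secret).
SAMPLE = '''def bot_private_sendtext(bot_message):
    bot_token = '628534909:AAHH8VJq7FJm4lZQ1Qwm61tlUgXVteCLzzo'
    bot_chatID = '293583438'
    safe_token = os.environ["TELEGRAM_BOT_TOKEN"]
    not_a_token = '628534909:tooshort'
'''

if __name__ == "__main__":
    for line_no, token in find_telegram_tokens(SAMPLE):
        print(f"line {line_no}: possible Telegram bot token {token}")
```

Redacting the finding keeps the secret out of CI logs and tickets while leaving the bot ID visible so the owner can identify which bot to revoke.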

Mitigation / Fix

  1. Remove the token from the source code or committed configuration file.

  2. Follow your policy for handling leaked secrets, which typically requires revoking the secret in the target system(s). The secret can be revoked by sending the message "/revoke" to @BotFather on Telegram.

You should consider any sensitive data in commits with secrets as compromised.

Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories.