I'm finally trying out Telegram (using node-red-contrib-telegrambot ) and I've set up a bot and using receiver node to get messages from my mobile phone.
The rx node as two outputs - one from authorised user and from non-authorised
Mine are appearing on non-authorised
Does this mean anyone with who knows name of my bot could send it messages?
How do I get my messages to be authorised?
Authorised includes those with 'chatid's specified when you set up the Telegram Receive Node.
I have only just discovered that myself.
Consequently you can ignore messages from the second output if you have specified a chatid as 'authorised' as they will appear from the first output.
Hope this helps
Yes, and that is a nice way to add some additional security to your bot - assuming that you know who might need to interact with it. Personally, I would attach a small flow to the unauthorised side to capture/log unknown chatids which makes it easy to add new ones to the authorised list just by getting, say Mrs Cymplecy, to send a message to the bot.
Version 7.2.0 allows to control the usernames and chatids that are authorized from within the flow.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy