Skip to main content


When working with the Telegram API is always a good practise to set a secret_token when setting up the webhook.

You can check if the update is from Telegram with $bot->onExternalRequest() function.

if (!$update->isFromTelegram("YOUR_TELEGRAM_SECRET")) {
header("Location:" . $bot->getMe()->body->result->username, true);

In this example the script is going to check if "YOUR_TELEGRAM_SECRET" is equal to the X-Telegram-Bot-Api-Secret-Token header, redirecting the non-telegram user to the bot.