URL Signer — Mini Apps Security

URLSigner is a specialized tool for creating and verifying protected links. It is essential for developing Telegram Mini Apps (TWA), where you must ensure that data passed to the application has not been tampered with.


🛡 Why is it needed?

When a bot opens a Mini App, it often passes parameters in the URL (e.g., user_id). A malicious user might attempt to change these parameters in the browser's address bar.

URLSigner signs this data using the bot's secret key. The backend application can then verify this signature to ensure that the link was indeed generated by your bot.


✍️ Usage in the Bot

Typically, URLSigner is used within an orchestrator to generate WebApp type buttons:

async def render_content(self, payload, director: Director):
    # The signer is provided by the director's container.
    signer = director.container.url_signer
    # Build the Mini App URL with the signed parameters.
    app_url = signer.sign_params(
        base_url="https://game.codex.bot/start",
        params={"user_id": director.user_id}
    )

    # A WebApp button that opens the signed URL.
    kb = InlineKeyboardMarkup(inline_keyboard=[
        [InlineKeyboardButton(text="Open Game", web_app=WebAppInfo(url=app_url))]
    ])

    return ViewResultDTO(text="Click the button to start the game!", kb=kb)
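
A minimal round trip of the sign-then-verify scheme described above, added here as an illustration and not URLSigner's own code. It assumes HMAC-SHA256 over the URL path plus sorted parameters and a signature parameter named `sig`; `sign_url`, `verify_url` and the secret value are hypothetical.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit

SIG_PARAM = "sig"  # assumed parameter name, not taken from URLSigner


def _mac(secret: bytes, path: str, params: dict) -> str:
    # Canonical form: path plus parameters sorted by key, so the order in
    # which the client sends them cannot change the MAC.
    canonical = path + "?" + urlencode(sorted(params.items()))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def sign_url(secret: bytes, base_url: str, params: dict) -> str:
    """Bot side: append an HMAC over the path and parameters."""
    params = {str(k): str(v) for k, v in params.items()}
    if SIG_PARAM in params:
        raise ValueError(f"{SIG_PARAM!r} is reserved for the signature")
    sig = _mac(secret, urlsplit(base_url).path, params)
    return base_url + "?" + urlencode({**params, SIG_PARAM: sig})


def verify_url(secret: bytes, url: str) -> Optional[dict]:
    """Backend side: return the trusted parameters, or None if invalid."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        return None  # duplicate keys: ambiguous which value was signed
    params = dict(pairs)
    sig = params.pop(SIG_PARAM, None)
    if sig is None:
        return None  # unsigned link
    expected = _mac(secret, parts.path, params)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return params  # use these values, never the raw query string


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    url = sign_url(secret, "https://game.codex.bot/start", {"user_id": 42})
    print(verify_url(secret, url))
    print(verify_url(secret, url.replace("user_id=42", "user_id=43")))
```

The backend should act only on the dictionary returned by `verify_url` and reject the request when it returns `None`.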