Zapnoty — Login via bots

Bot Auth

Authenticate your website users via Telegram/Max bots. User clicks a link, confirms in the bot, automatically subscribes to notifications, and you receive their data.

How it works

1. User clicks the bot link

2. Bot shows authorization request with "Login" / "Cancel" buttons

3. User clicks "Login" → automatic subscription to notifications + code generation

4. Bot sends "Go to website" button → callback_url?code=CODE

5. Your server calls POST /v1/auth/verify → receives data

Setup

In the project dashboard go to Settings → Auth and set the Callback URL and Origin URL.

Static links

Simple option — a permanent link. Get it via API or in the dashboard:

GET /v1/auth/link

// Response:

{

"telegram_link": "https://t.me/YourBot?start=auth_my-app",

"max_link": "https://max.ru/YourBot?start=auth_my-app",

"configured": true

}

API sessions (with state)

To pass state (e.g., browser session ID), create a session via API:

POST /v1/auth/session

{

"state": "browser_session_abc"

}

// Response:

{

"session_id": "aBcDeFgH12345678",

"telegram_link": "https://t.me/YourBot?start=auths_aBcDeFgH12345678",

"expires_in": 300

}

Code verification

After confirmation, the user lands on callback_url?code=CODE. Verify the code:

POST /v1/auth/verify

{

"code": "aBcDeFgH..."

}

// Response:

{

"channel": "telegram",

"first_name": "John",

"username": "johndoe",

"avatar_url": null,

"subscriber_id": "uuid-...",

"lang": "ru",

"tags": [],

"state": "browser_session_abc"

}

QR/Polling (cross-device)

For desktop auth via a mobile bot: create a session, display a QR code with the link, and poll the status. When the user confirms on their phone, you receive a code. Poll interval: 2-3 seconds. The code is one-time — after receiving status=completed, a repeat request returns expired.

GET /v1/auth/session/{session_id}/status

// Pending:

{ "status": "pending" }

// Completed:

{ "status": "completed", "code": "aBcDeFgH..." }