secure one to one telegram communication

[mkeyno]

hi , sorry to open ticket for my question but I really appreciated to have your advise. Actually I intend to make secure one to one communication between my ESP module and my phone (or couple of allowed phones), There is ESP8266WebServer, hosting web page, and intend to register allowed phones numbers by it, what is your suggestion to find id number of allowed phones and made secure communication Thanks

[hofnil]

Hi mkeyno, the chat_id of each message is shown in the serial, when receiving a message.

i implemented the "secure thing" like this in my code: if (chat_id != my_chat_id && chat_id != group_id) { String message = "Chat-ID: " + chat_id + "\n"; message += "From: " + from_name + "\n"; message += "Message: " + text + "\n"; bot.sendMessage(my_chat_id, message, "Markdown"); return; } "my_chat_id" and "group_id" are the two id's i want my bot to answer to. messages from everon else are send to my own chat (just because i'm courious if anyone texts my bot)

[mkeyno]

thanks@Schlumpfbier but do you think it is good way to let ESP module filter and authorized the incoming message ? this may let ESP module chocking if many telegram user intend to bombing my ESP_bot, what I actually look for is to authorized telegram user on api.telegram.org server side so as first step register the authorized phone number or user , then telegram server send me message from authorized telegram user, I'm digging to telegram API's but yet not figure out how to register the authorized phone number or user

[hofnil]

i've been looking for another way for this as well but couldn't find anything. but if you don't publish your botname or choose a very simple name like arduinobot or something, you shouldn't get any messages from anyone else. at least i haven't got a single message from any unauthorized chat_id.

[mkeyno]

thanks @Schlumpfbier for your advice but honestly after opening this ticked I've noticed Telegram bot available in public so anyone can send command to my module and filtering authorized message probably chock my little ESP , after some sneaking around I found it is the best to webhook the bot to third party server which can filter and authenticated the user message and to get new update it is just need websocket client service connected to this remote server