Telegram

Connect a Telegram bot to send governed messages and receive inbound chat via Telegram webhooks.

What you can do#

Connect a Telegram bot to your LumenFlow workspace. Sidekick can send messages to Telegram chats and groups, and automatically receive inbound messages via Telegram's native webhook system.

ActionDescriptionStatus
Send messageSend to any Telegram chat the bot is inShipped
Receive messagesAutomatic webhook registration with TelegramShipped
Bot validationVerifies bot token via Telegram getMe APIShipped
Approval routingRoute outbound messages through approval workflowShipped

Setup#

  1. Create a Telegram bot by talking to @BotFather and copying the Bot Token
  2. Go to Settings > Connections in LumenFlow
  3. Click Add Connection > Telegram
  4. Enter the Bot Token
  5. Click Save

LumenFlow will:

  • Call Telegram's getMe to verify the bot identity
  • Call setWebhook to register a unique inbound URL with Telegram
  • Generate and store an encrypted webhook secret token

info Unlike most integrations, Telegram webhook registration is fully automatic. You do not need to configure any URLs manually.

How the webhook works#

LumenFlow registers a webhook URL with Telegram in the format:

https://your-domain.com/api/v1/sidekick/integrations/telegram/webhook?key=<unique-key>

Telegram delivers updates to this URL. LumenFlow verifies each request using the X-Telegram-Bot-Api-Secret-Token header, which Telegram sets automatically when a secret token is provided during webhook registration.

Security#

  • Bot identity verified -- the getMe call confirms the token is valid before any data is stored
  • Exclusive bot -- a Telegram bot cannot be connected to two LumenFlow workspaces at the same time
  • Secret token verification -- every inbound webhook is verified using a secret token that Telegram signs into each delivery
  • Rate limiting -- distributed limits protect against webhook flooding
  • Credentials encrypted at rest -- the bot token is encrypted before storage

Disconnecting#

When you disconnect the Telegram integration, LumenFlow calls Telegram's deleteWebhook API to unregister the inbound URL, then removes stored credentials.

warning If the bot token has been rotated or revoked, LumenFlow may not be able to clean up the remote webhook. You can remove it manually by calling /deleteWebhook via BotFather.