Tegram bot API token format

Question

I want to figure out the format of telegram bot tokens to implement some validity checks, but there seems not official format description.

from my token and what I have found on the net, I can assume the following:

• (up to) 46 characters length
• starts with (up to) 10 digits followed by :
• the remaining 35 characters are of class [[:alnum:]] plus - and _

can anyone (dis) confirm or point to documentation?

Answer 1

Let me summarize what we know so far:

• to verify that a telegram API token has the correct format AND is currently valid you must make a Telegram getMe API call, e.g. on command line: curl -s https://api.telegram.org/botYOURTOKEN/getMe

Nevertheless, we have some good guesses what a correct token must look like:

• it consists of 8-10 digits followed by a :
• the : is followed by a 35 character Telegram internal identifier/hash
• the identifier is consisting of character class [[:alnum:]] plus _-, this fit's the characters documented for the deep linking parameter

Summary:

• Token format: 8-10 digits:35 alnum characters plus _- , e.g. 123456789:AaZz0...AaZz9

• Regex for testing: /^[0-9]{8,10}:[a-zA-Z0-9_-]{35}$/

Answer 2

If you want to check validity of a bot's token you can use the getMe method.

https://core.telegram.org/bots/api#getme

A simple method for testing your bot's auth token. Requires no parameters. Returns basic information about the bot in form of a User object.

Any non valid token will return 401 error.

I believe this would be a more robust approach than checking for correct formats.