Login via Telegram
on your website
One billion Telegram users login on your website via one tap or QR scan.
The most seamless UI you can think of, fully OAuth compatible.
Login faster
Seamless experience
Mobile friendly
Whether user is on mobile or desktop, they can login with one click.
Login users faster
One-click login is the most convenient way to authorize which leads to better conversion rates.
Secure
Backed by audited asymmetric cryptography and fully compliant with OAuth 2.0.
Easy integration
Our SDKs are fully customizable and support both mobile and desktop flows. Whether it is React or vanilla, Node.js or PHP, we have you covered.
import TelegramLoginButton from '@telegrauth/react'; const AuthPage = () => ( <div> <TelegramLoginButton appId="<your app id here>" /> </div> );
Login better
Simple and secure
"Telegram Login for Web" requires phone number and has no OAuth support. Majority of users find it scaring and inconvenient.
Telegrauth detects user's platform and provides a one-click login if Telegram is installed or QR login to auth via phone.
- One-click login.
- If user has Telegram installed on their device, it's just one click to open the bot and confirm login.
- QR login via Telegram app.
- If user is on the desktop, they can just scan the QR-code via their phone to login.
- Security first.
- Backed by audited asymmetric cryptography and fully compliant with OAuth 2.0.
Easy integration
We support what you need
We have a ready-to-go SDKs both for frontend and backend.
Just get your app ID and secret key — and you're good to go.
- React.js SDK
npm i @telegrauth/react
Use pre-built components or use your own UI - our React SDK is fully customizable and support both mobile and desktop flows.- Passport.js provider
npm i passport-telegram2
Use our Passport.js provider to integrate Telegram login into your Node.js app with Express/Connect and Passport.js. As simple as it seems - just add your client id and secret, and your Telegram auth is ready.- Vanilla JS
- Want to use frameworkless solution? We have you covered. Just use standard OAuth flow - redirect users to the Telegrauth login page and we will send them back to you using callback links.
- OAuth 2.0 (PHP, Python, Ruby, etc.)
- With OAuth 2.0 out of the box, you can use any language and framework you want. Send users to the Telegrauth login page and you will receive authentication tokens via secure OAuth callbacks.
import { TelegramLoginButton } from '@telegrauth/react';
export const AuthPage = () => {
const appId = 'your-app-id'; // https://app.telegrauth.com
return (
<TelegramLoginButton
appId={appId}
state="state string you want to get in your callback (like CSRF token)"
/>
);
}- Authentication requests every month
- 1.2 million
- Apps using Telegrauth
- 730+
- Users authenticated last month
- 120,000+
Frequently asked questions
Everything you need to know
General
I don't see price list. How much does it cost?
Telegrauth is completely free. We don't have any paid plans or subscriptions. You don't need to provide us with your bank details or anything else. There are no limits on the number of users you can authenticate.
There are some technical limits (frankly speaking, very generous) - the number of requests per second, the number of requests per day, etc. But they are here to protect our servers from abuse, not to limit your app.
Free? What's the catch, how do you fund the servers?
Telegrauth is one of the projects we run for the Telegram ecosystem. It was created as a side project, and it costs us almost nothing - one $10 server can handle approximately 10,000 apps.
Our intent is to use it as a marketing tool - once you use Telegrauth and see how smooth and effective it is, you may be interested in using our other products for Telegram, including paid ones.
Security
How secure is it?
For every auth request, we generate a random string, which is passed from the very beginning of the session to the bot, then to your servers in the callback. It is impossible to guess or brute-force it, and the lifetime of the auth session is limited to 10 minutes.
Even if someone intercepts the request and steals the link (e.g., the user's computer is infected by viruses), the user will receive an auth request with an unknown IP address, from an unknown location, different browser, etc. There is zero chance they will confirm it.
Don't take our word for it - just try to log in to this site and you'll see what a detailed confirmation request you get from the bot.
For apps demanding an even higher level of security (financial apps, crypto exchanges), completely eliminating even the tiniest chances of man-in-the-middle attacks, we have a special "same device policy" which disables QR login and requires the user not just to confirm auth in the bot, but to open a special link from the bot, with an additional security layer of one-time cookie validation. To enable it, please contact us [email protected].
Can I use my own bot?
Yes, we support it. Just write us [email protected] and we will help you to integrate it (it takes less than 10 minutes).
Can I use it for the Telegram Mini App authentication?
Yes, but it makes no sense. The Telegram Mini App has seamless authentication flow via initData. So, you don't need to use external auth for that.
If you interested in making your Telegram Mini App auth compatible with OAuth 2.0, please contact us [email protected].