Web Validation

Nutgram provides a simple way to validate the data received from a Login Widget or a Mini App.

Login Widget

The Telegram Login Widget is a simple way to authorize users on your website.

Nutgram provides the validateLoginData method to validate the data received from the widget.
If the data is valid, the method returns a LoginData object, otherwise it throws an InvalidDataException.

// $initData MUST BE a query string value like this: 
// id=12345678&first_name=Mario&last_name=Super&username=SuperMario&photo_url=photourl&auth_date=1693264973&hash=1a2b3c4d5e6f

// Tip: you can user the http_build_query to get the query string from an array via $_POST variable.

try {
    $loginData = $bot->validateLoginData($initData);
    //$loginData->id
    //$loginData->toArray()['id']
} catch (InvalidDataException) {
    echo 'Invalid data!';
}

Mini App

With Mini Apps developers can use JavaScript to create infinitely flexible interfaces that can be launched right inside Telegram — and can completely replace any website.

Nutgram provides the validateWebAppData method to validate the data received from the Mini App.
If the data is valid, the method returns a WebAppData object, otherwise it throws an InvalidDataException.

// $initData MUST BE a query string value like this: 
// user=%7B%22id%22%3A12345678%2C%22first_name%22%3A%22Mario%22%2C%22last_name%22%3A%22Super%22%2C%22username%22%3A%22SuperMario%22%2C%22language_code%22%3A%22en%22%2C%22is_premium%22%3Atrue%2C%22allows_write_to_pm%22%3Atrue%7D&chat_instance=-123456789&chat_type=private&start_param=foo&auth_date=1693264973&hash=1a2b3c4d5e6f

// how to get $initData from frontend (example): 
// $initData = $_GET['initData'] or $_POST['initData'];
// initData is an example key name provided by frontend

try {
    $webappData = $bot->validateWebAppData($initData);
    //$webappData->user->id
    //$webappData->toArray()['user']['id']
} catch (InvalidDataException) {
    echo 'Invalid data!';
}