Wall · Glossary · HMAC-SHA256 (Wall authentication)
HMAC-SHA256 (Wall authentication)
also: HMAC auth, Telegram init_data verification
HMAC-SHA256 (Hash-based Message Authentication Code, SHA-256 variant) is the cryptographic primitive Wall uses to verify that a request originated from a real Telegram client without storing any user-side secret.
Flow: when a user opens the Wall Mini App, Telegram passes a signed init_data payload (user ID, query parameters, hash) to the JavaScript context. The Wall app forwards this on every authenticated request to the Wall server. The server recomputes the HMAC-SHA256 of the payload using the bot token as the secret key and rejects requests where the recomputed hash doesn't match the included hash.
What Wall never stores: passwords, password hashes, JWTs, refresh tokens, recovery questions. There is no auth secret on Wall's side that can leak. Compromise of Wall's database does not produce credentials usable for replay attacks against Telegram or any other service.
Trust boundary: Wall trusts Telegram's identity layer. If Telegram itself is compromised (bot token leaked, or the underlying signature scheme broken), that compromise propagates to Wall. We don't pretend otherwise; the trust model is documented.
Where HMAC-SHA256 (Wall authentication) appears on Wall
- lib/telegram-auth.ts — the verification module
- Every write endpoint in app/api/ — calls getUser() before business logic
- /security architecture page — documented with verification path
- wall.support/security — public help-center version
Related terms
Common questions
Can someone forge a Telegram init_data?
Not without the bot token. The HMAC signature requires the secret (bot token) to compute. Without the token, an attacker would need to break SHA-256 — no known practical attack exists. The bot token is treated as production-secret-grade and rotated only when needed.
What happens if init_data is replayed?
Telegram's init_data includes a signed timestamp. Wall rejects payloads older than a configurable freshness window. This prevents an attacker who intercepted a valid payload from re-using it indefinitely.
Why HMAC-SHA256 specifically?
It's what Telegram chose for init_data. Wall could not pick a different scheme even if we wanted to — we verify what Telegram signs. SHA-256 is well-vetted; HMAC is the standard MAC construction. No bespoke crypto.