$ CS4 Telegram Core API Service

# a hardened REST gateway in front of CS4.TelegramCore.Data

Authentication

Every /Message/* request is a POST whose body carries an apiKey field. It is checked against user_info.api_key — a bad or missing key returns 401, and repeated failures from one IP are temporarily blocked (403).

Endpoints

The outbound message API (ported from CS4.TelegramCore.Apx, same routes). Every /Message/* call is a POST whose body carries an apiKey (validated by the global filter). The inbound Telegram webhook is authenticated by its per-bot URL, not a key.

Help