Telegram Mini App

1---2name: telegram-mini-app3description: Expert in building Telegram Mini Apps (TWA) - web apps that run4  inside Telegram with native-like experience. Covers the TON ecosystem,5  Telegram Web App API, payments, user authentication, and building viral mini6  apps that monetize.7risk: unknown8source: vibeship-spawner-skills (Apache 2.0)9date_added: 2026-02-2710---11 12# Telegram Mini App13 14Expert in building Telegram Mini Apps (TWA) - web apps that run inside Telegram15with native-like experience. Covers the TON ecosystem, Telegram Web App API,16payments, user authentication, and building viral mini apps that monetize.17 18**Role**: Telegram Mini App Architect19 20You build apps where 800M+ Telegram users already are. You understand21the Mini App ecosystem is exploding - games, DeFi, utilities, social22apps. You know TON blockchain and how to monetize with crypto. You23design for the Telegram UX paradigm, not traditional web.24 25### Expertise26 27- Telegram Web App API28- TON blockchain29- Mini App UX30- TON Connect31- Viral mechanics32- Crypto payments33 34## Capabilities35 36- Telegram Web App API37- Mini App architecture38- TON Connect integration39- In-app payments40- User authentication via Telegram41- Mini App UX patterns42- Viral Mini App mechanics43- TON blockchain integration44 45## Patterns46 47### Mini App Setup48 49Getting started with Telegram Mini Apps50 51**When to use**: When starting a new Mini App52 53## Mini App Setup54 55### Basic Structure56```html57<!DOCTYPE html>58<html>59<head>60  <meta name="viewport" content="width=device-width, initial-scale=1.0">61  <script src="https://telegram.org/js/telegram-web-app.js"></script>62</head>63<body>64  <script>65    const tg = window.Telegram.WebApp;66    tg.ready();67    tg.expand();68 69    // User data70    const user = tg.initDataUnsafe.user;71    console.log(user.first_name, user.id);72  </script>73</body>74</html>75```76 77### React Setup78```jsx79// hooks/useTelegram.js80export function useTelegram() {81  const tg = window.Telegram?.WebApp;82 83  return {84    tg,85    user: tg?.initDataUnsafe?.user,86    queryId: tg?.initDataUnsafe?.query_id,87    expand: () => tg?.expand(),88    close: () => tg?.close(),89    ready: () => tg?.ready(),90  };91}92 93// App.jsx94function App() {95  const { tg, user, expand, ready } = useTelegram();96 97  useEffect(() => {98    ready();99    expand();100  }, []);101 102  return <div>Hello, {user?.first_name}</div>;103}104```105 106### Bot Integration107```javascript108// Bot sends Mini App109bot.command('app', (ctx) => {110  ctx.reply('Open the app:', {111    reply_markup: {112      inline_keyboard: [[113        { text: '🚀 Open App', web_app: { url: 'https://your-app.com' } }114      ]]115    }116  });117});118```119 120### TON Connect Integration121 122Wallet connection for TON blockchain123 124**When to use**: When building Web3 Mini Apps125 126## TON Connect Integration127 128### Setup129```bash130npm install @tonconnect/ui-react131```132 133### React Integration134```jsx135import { TonConnectUIProvider, TonConnectButton } from '@tonconnect/ui-react';136 137// Wrap app138function App() {139  return (140    <TonConnectUIProvider manifestUrl="https://your-app.com/tonconnect-manifest.json">141      <MainApp />142    </TonConnectUIProvider>143  );144}145 146// Use in components147function WalletSection() {148  return (149    <TonConnectButton />150  );151}152```153 154### Manifest File155```json156{157  "url": "https://your-app.com",158  "name": "Your Mini App",159  "iconUrl": "https://your-app.com/icon.png"160}161```162 163### Send TON Transaction164```jsx165import { useTonConnectUI } from '@tonconnect/ui-react';166 167function PaymentButton({ amount, to }) {168  const [tonConnectUI] = useTonConnectUI();169 170  const handlePay = async () => {171    const transaction = {172      validUntil: Math.floor(Date.now() / 1000) + 60,173      messages: [{174        address: to,175        amount: (amount * 1e9).toString(), // TON to nanoton176      }]177    };178 179    await tonConnectUI.sendTransaction(transaction);180  };181 182  return <button onClick={handlePay}>Pay {amount} TON</button>;183}184```185 186### Mini App Monetization187 188Making money from Mini Apps189 190**When to use**: When planning Mini App revenue191 192## Mini App Monetization193 194### Revenue Streams195| Model | Example | Potential |196|-------|---------|-----------|197| TON payments | Premium features | High |198| In-app purchases | Virtual goods | High |199| Ads (Telegram Ads) | Display ads | Medium |200| Referral | Share to earn | Medium |201| NFT sales | Digital collectibles | High |202 203### Telegram Stars (New!)204```javascript205// In your bot206bot.command('premium', (ctx) => {207  ctx.replyWithInvoice({208    title: 'Premium Access',209    description: 'Unlock all features',210    payload: 'premium',211    provider_token: '', // Empty for Stars212    currency: 'XTR', // Telegram Stars213    prices: [{ label: 'Premium', amount: 100 }], // 100 Stars214  });215});216```217 218### Viral Mechanics219```jsx220// Referral system221function ReferralShare() {222  const { tg, user } = useTelegram();223  const referralLink = `https://t.me/your_bot?start=ref_${user.id}`;224 225  const share = () => {226    tg.openTelegramLink(227      `https://t.me/share/url?url=${encodeURIComponent(referralLink)}&text=Check this out!`228    );229  };230 231  return <button onClick={share}>Invite Friends (+10 coins)</button>;232}233```234 235### Gamification for Retention236- Daily rewards237- Streak bonuses238- Leaderboards239- Achievement badges240- Referral bonuses241 242### Mini App UX Patterns243 244UX specific to Telegram Mini Apps245 246**When to use**: When designing Mini App interfaces247 248## Mini App UX249 250### Platform Conventions251| Element | Implementation |252|---------|----------------|253| Main Button | tg.MainButton |254| Back Button | tg.BackButton |255| Theme | tg.themeParams |256| Haptics | tg.HapticFeedback |257 258### Main Button259```javascript260const tg = window.Telegram.WebApp;261 262// Show main button263tg.MainButton.setText('Continue');264tg.MainButton.show();265tg.MainButton.onClick(() => {266  // Handle click267  submitForm();268});269 270// Loading state271tg.MainButton.showProgress();272// ...273tg.MainButton.hideProgress();274```275 276### Theme Adaptation277```css278:root {279  --tg-theme-bg-color: var(--tg-theme-bg-color, #ffffff);280  --tg-theme-text-color: var(--tg-theme-text-color, #000000);281  --tg-theme-button-color: var(--tg-theme-button-color, #3390ec);282}283 284body {285  background: var(--tg-theme-bg-color);286  color: var(--tg-theme-text-color);287}288```289 290### Haptic Feedback291```javascript292// Light feedback293tg.HapticFeedback.impactOccurred('light');294 295// Success296tg.HapticFeedback.notificationOccurred('success');297 298// Selection299tg.HapticFeedback.selectionChanged();300```301 302## Sharp Edges303 304### Not validating initData from Telegram305 306Severity: HIGH307 308Situation: Backend trusts user data without verification309 310Symptoms:311- Trusting client data blindly312- No server-side validation313- Using initDataUnsafe directly314- Security audit failures315 316Why this breaks:317initData can be spoofed.318Security vulnerability.319Users can impersonate others.320Data tampering possible.321 322Recommended fix:323 324## Validating initData325 326### Why Validate327- initData contains user info328- Must verify it came from Telegram329- Prevent spoofing/tampering330 331### Node.js Validation332```javascript333import crypto from 'crypto';334 335function validateInitData(initData, botToken) {336  const params = new URLSearchParams(initData);337  const hash = params.get('hash');338  params.delete('hash');339 340  // Sort and join341  const dataCheckString = Array.from(params.entries())342    .sort(([a], [b]) => a.localeCompare(b))343    .map(([k, v]) => `${k}=${v}`)344    .join('\n');345 346  // Create secret key347  const secretKey = crypto348    .createHmac('sha256', 'WebAppData')349    .update(botToken)350    .digest();351 352  // Calculate hash353  const calculatedHash = crypto354    .createHmac('sha256', secretKey)355    .update(dataCheckString)356    .digest('hex');357 358  return calculatedHash === hash;359}360```361 362### Using in API363```javascript364app.post('/api/action', (req, res) => {365  const { initData } = req.body;366 367  if (!validateInitData(initData, process.env.BOT_TOKEN)) {368    return res.status(401).json({ error: 'Invalid initData' });369  }370 371  // Safe to use data372  const params = new URLSearchParams(initData);373  const user = JSON.parse(params.get('user'));374  // ...375});376```377 378### TON Connect not working on mobile379 380Severity: HIGH381 382Situation: Wallet connection fails on mobile Telegram383 384Symptoms:385- Works on desktop, fails mobile386- Wallet app doesn't open387- Connection stuck388- Users can't pay389 390Why this breaks:391Deep linking issues.392Wallet app not opening.393Return URL problems.394Different behavior iOS vs Android.395 396Recommended fix:397 398## TON Connect Mobile Issues399 400### Common Problems4011. Wallet doesn't open4022. Return to Mini App fails4033. Transaction confirmation lost404 405### Fixes406```jsx407// Use correct manifest408const manifestUrl = 'https://your-domain.com/tonconnect-manifest.json';409 410// Ensure HTTPS411// Localhost won't work on mobile412 413// Handle connection states414const [tonConnectUI] = useTonConnectUI();415 416useEffect(() => {417  return tonConnectUI.onStatusChange((wallet) => {418    if (wallet) {419      console.log('Connected:', wallet.account.address);420    }421  });422}, []);423```424 425### Testing426- Test on real devices427- Test with multiple wallets (Tonkeeper, OpenMask)428- Test both iOS and Android429- Use ngrok for local dev + mobile test430 431### Fallback432```jsx433// Show QR for desktop434// Show wallet list for mobile435<TonConnectButton />436// Automatically handles this437```438 439### Mini App feels slow and janky440 441Severity: MEDIUM442 443Situation: App lags, slow transitions, poor UX444 445Symptoms:446- Slow initial load447- Laggy interactions448- Users complaining about speed449- High bounce rate450 451Why this breaks:452Too much JavaScript.453No code splitting.454Large bundle size.455No loading optimization.456 457Recommended fix:458 459## Mini App Performance460 461### Bundle Size462- Target < 200KB gzipped463- Use code splitting464- Lazy load routes465- Tree shake dependencies466 467### Quick Wins468```jsx469// Lazy load heavy components470const HeavyChart = lazy(() => import('./HeavyChart'));471 472// Optimize images473<img loading="lazy" src="..." />474 475// Use CSS instead of JS animations476```477 478### Loading Strategy479```jsx480function App() {481  const [ready, setReady] = useState(false);482 483  useEffect(() => {484    // Show skeleton immediately485    // Load data in background486    Promise.all([487      loadUserData(),488      loadAppConfig(),489    ]).then(() => setReady(true));490  }, []);491 492  if (!ready) return <Skeleton />;493  return <MainApp />;494}495```496 497### Vite Optimization498```javascript499// vite.config.js500export default {501  build: {502    rollupOptions: {503      output: {504        manualChunks: {505          vendor: ['react', 'react-dom'],506        }507      }508    }509  }510};511```512 513### Custom buttons instead of MainButton514 515Severity: MEDIUM516 517Situation: App has custom submit buttons that feel non-native518 519Symptoms:520- Custom submit buttons521- MainButton never used522- Inconsistent UX523- Users confused about actions524 525Why this breaks:526MainButton is expected UX.527Custom buttons feel foreign.528Inconsistent with Telegram.529Users don't know what to tap.530 531Recommended fix:532 533## Using MainButton Properly534 535### When to Use MainButton536- Form submission537- Primary actions538- Continue/Next flows539- Checkout/Payment540 541### Implementation542```javascript543const tg = window.Telegram.WebApp;544 545// Show for forms546function showMainButton(text, onClick) {547  tg.MainButton.setText(text);548  tg.MainButton.onClick(onClick);549  tg.MainButton.show();550}551 552// Hide when not needed553function hideMainButton() {554  tg.MainButton.hide();555  tg.MainButton.offClick();556}557 558// Loading state559function setMainButtonLoading(loading) {560  if (loading) {561    tg.MainButton.showProgress();562    tg.MainButton.disable();563  } else {564    tg.MainButton.hideProgress();565    tg.MainButton.enable();566  }567}568```569 570### React Hook571```jsx572function useMainButton(text, onClick, visible = true) {573  const tg = window.Telegram?.WebApp;574 575  useEffect(() => {576    if (!tg) return;577 578    if (visible) {579      tg.MainButton.setText(text);580      tg.MainButton.onClick(onClick);581      tg.MainButton.show();582    } else {583      tg.MainButton.hide();584    }585 586    return () => {587      tg.MainButton.offClick(onClick);588    };589  }, [text, onClick, visible]);590}591```592 593## Validation Checks594 595### No initData Validation596 597Severity: HIGH598 599Message: Not validating initData - security vulnerability.600 601Fix action: Implement server-side initData validation with hash verification602 603### Missing Telegram Web App Script604 605Severity: HIGH606 607Message: Telegram Web App script not included.608 609Fix action: Add <script src='https://telegram.org/js/telegram-web-app.js'></script>610 611### Not Calling tg.ready()612 613Severity: MEDIUM614 615Message: Not calling tg.ready() - Telegram may show loading state.616 617Fix action: Call window.Telegram.WebApp.ready() when app is ready618 619### Not Using Telegram Theme620 621Severity: MEDIUM622 623Message: Not adapting to Telegram theme colors.624 625Fix action: Use CSS variables from tg.themeParams for colors626 627### Missing Viewport Meta Tag628 629Severity: MEDIUM630 631Message: Missing viewport meta tag for mobile.632 633Fix action: Add <meta name='viewport' content='width=device-width, initial-scale=1.0'>634 635## Collaboration636 637### Delegation Triggers638 639- bot|command|handler -> telegram-bot-builder (Bot integration)640- TON|smart contract|blockchain -> blockchain-defi (TON blockchain features)641- react|vue|frontend -> frontend (Frontend framework)642- viral|referral|share -> viral-generator-builder (Viral mechanics)643- game|gamification -> gamification-loops (Game mechanics)644 645### Tap-to-Earn Game646 647Skills: telegram-mini-app, gamification-loops, telegram-bot-builder648 649Workflow:650 651```6521. Design game mechanics6532. Build Mini App with tap mechanics6543. Add referral/viral features6554. Integrate TON payments6565. Bot for notifications/onboarding6576. Launch and grow658```659 660### DeFi Mini App661 662Skills: telegram-mini-app, blockchain-defi, frontend663 664Workflow:665 666```6671. Design DeFi feature (swap, stake, etc.)6682. Integrate TON Connect6693. Build transaction UI6704. Add wallet management6715. Implement security measures6726. Deploy and audit673```674 675## Related Skills676 677Works well with: `telegram-bot-builder`, `frontend`, `blockchain-defi`, `viral-generator-builder`678 679## When to Use680- User mentions or implies: telegram mini app681- User mentions or implies: TWA682- User mentions or implies: telegram web app683- User mentions or implies: TON app684- User mentions or implies: mini app685 686## Limitations687- Use this skill only when the task clearly matches the scope described above.688- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.689- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.