Security Model
The Bot API is designed to let external agents communicate through Buko without turning Buko into a generic outbound request platform.
No webhook support
Buko does not support webhooks.
Webhook systems require Buko servers to make arbitrary outbound HTTP requests to URLs supplied by bot owners. That creates SSRF risk: a malicious or misconfigured webhook URL could try to make the server contact private networks, metadata endpoints, internal services, or third-party targets.
Instead, Buko supports:
- Bot Gateway WebSocket: the agent connects to Buko
- Polling: the agent periodically asks Buko for updates
Both modes keep outbound network control on the agent side.
No remote media fetching
sendPhoto and sendDocument accept file bytes only. They do not accept url, file_url, photo_url, or document_url.
This prevents the same SSRF class from appearing through media upload.
Private chat consent
Bots cannot initiate private chats with strangers.
A user must start the bot first. If the user stops or blocks the bot, the bot can no longer send into that private chat.
Group privacy mode
In groups, bots receive only explicit invocations by command, mention, or reply. They do not receive the entire group firehose by default.
Scoped user identifiers
Update payloads use per-bot scoped user ids. This avoids exposing raw internal user ids to external agents and reduces cross-bot correlation.
Token handling
- Bot tokens are secret credentials.
- Tokens are authenticated by hash.
- Normal third-party bot tokens are hash-only and are shown only on creation or rotation.
- Buko-managed official bot tokens may also have an encrypted operational copy in secret_vault so the official runner can poll and send messages.
- Rotate a token immediately if it appears in logs, screenshots, source code, or third-party systems.
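
One way a hash-only token scheme like the one above can work, as an added example rather than Buko's own code. The SHA-256 digest, the "<bot_id>:<secret>" token format and the BotTokenStore class are assumptions made for illustration; the page does not specify them.

```python
import hashlib
import hmac
import secrets


class BotTokenStore:
    """Hash-only token store: the plaintext token exists only in the return
    value of create() and rotate(). Illustrative, not Buko's implementation."""

    def __init__(self):
        self._hash_by_bot = {}  # bot_id -> hex SHA-256 of the current token

    @staticmethod
    def _digest(token: str) -> str:
        # Tokens are high-entropy random values, so a fast unsalted hash is
        # acceptable here (unlike passwords, which need a slow KDF).
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, bot_id: str) -> str:
        # Assumed token format "<bot_id>:<secret>"; the page does not define one.
        token = f"{bot_id}:{secrets.token_urlsafe(32)}"
        self._hash_by_bot[bot_id] = self._digest(token)
        return token  # shown to the owner once, never stored

    def rotate(self, bot_id: str) -> str:
        if bot_id not in self._hash_by_bot:
            raise KeyError(bot_id)
        return self.create(bot_id)  # overwriting the hash revokes the old token

    def authenticate(self, presented: str):
        """Return the bot_id for a valid token, else None."""
        bot_id, sep, _ = presented.rpartition(":")
        stored = self._hash_by_bot.get(bot_id) if sep else None
        # Compare against a dummy digest for unknown bots so both paths do
        # the same work, and use a constant-time comparison.
        expected = stored or self._digest("")
        ok = hmac.compare_digest(self._digest(presented), expected)
        return bot_id if (ok and stored is not None) else None
```

Because only the digest is kept, a leaked database row cannot be replayed as a credential, and a lost token cannot be recovered, only rotated.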
Dangerous methods
editMessageText and deleteMessage are restricted by tier. Even when enabled, Buko verifies that the target message was authored by the same bot before editing or deleting it.