When you contacts.resolveUsername, the result always contains both id and access_hash. It creates confusion for API users, as to why you are only able to resolve a user/chat/channel only by their username or by their (id, access_hash) pair (eg. here and here).
I tried searching the telegram API homepage for info, but found no info about the meaning of access_hash.
I really am confused as to why you would need something more than id (or username). I’d like to know the nature of this access_hash:
- Does it change over time?
- Does it mean anything at all?
- Is it safe to store in the database and be certain that it’s
constant? - Does it differ from account to account (e.g. I called
contacts.resolveUsernamefrom account #1 and then from #2, do I
get the same number?)?
I know libs like pyrogram, telethon store this access_hash inside their local sqlite databases. This way they make it possible to call high level functions which require both id and access_hash using only id.
2
Answers
The
access_hashvalues commonly appear in Telegram’s API when access to something should be "restricted" in some way. You can findaccess_hashfor users, channels, or even media objects.I’ll be using Telethon for the examples below, but the same applies to any library interacting with Telegram’s API.
Does it change over time? Probably not. To the best of my knowledge, the
access_hashdoes not change over time. I have not heard of any reports from users claiming that theaccess_hashhas changed.It is impossible to know for sure, as that would require access to the code the Telegram servers are using for this (and they could change their implementation at any time), but I’ve been working with Telegram for a very long time, and I can confidently say it likely never changes.
Does it mean anything at all? Not by itself. It’s just a random-looking number. However, it is proof that you have access to a particular object, whether that’s an user, channel, or media.
If the
access_hashdidn’t exist, you could try guessing random IDs, which would for example make it possible to enumerate every user registered to Telegram!:Thankfully, the above code won’t work, because in order to fetch user information, the
access_hashneeds to be known. But since it’s random, and different for each account, it’s pretty much impossible to guess. Thus, theaccess_hashkeeps your account safe (as long as there’s no way to "reach" it by other means, e.g. via a message forwarded from you, or your participation in public groups).Is it safe to store in the database and be certain that it’s constant? Yes. Telethon v1 for example stores the
access_hashinside its.sessionfile, which lets you use just theidto refer to users and channels, as long as the library has "seen" (and cached) theiraccess_hashbefore.If you’ve saved an
access_hashbefore, you can reuse it later on your own:Does it differ from account to account? Yes. The
access_hashis unique to each account. For example, if Account_A fetches Channel_X, it may haveid=123, access_hash=456. But if Account_B fetches the same Channel_X, it may haveid=123, access_hash=789.This means you cannot fetch an
access_hashin Account_A and then try using it in Account_B, as it won’t work (stickers seem to have been an exception at some point).Every account will see the same ID for the same thing (messages appear to be an exception, but in reality they follow the same rules; they’re duplicated for each account unless they occur inside a channel, so the "same" message can appear to have a different ID.)
thank for amazing answer ,
my question is :
if i have like 10 account as "MyAccount1 ,2,3.. " i want other telegeram account as ‘OtherAccount1’ access_hash it will give each account from my accounts deff access_hash or all be same access_hash with 1 account ?