Skip to main content

Mini App

Mr. AnonymousLess than 1 minute

We verify the integrity of the received data by comparing the received hash parameter with the hexadecimal representation of the HMAC-SHA-256 signature of the data validation string with the secret key that is the HMAC-SHA-256 signature of the bot token with the constant string WebAppData used as a key Details hereopen in new window

🚀 A complete code example is available at this page



$initData = $bot->validateInitData(
  initData: 'query_id=...',
  throw: true

💡 Upon successful validation, the method will return all existing user data that can be used on your server.



  • Type: string
  • Required: Yes

A string of raw user data passed to the applet.

Additional Informationopen in new window


  • Type: bool
  • Required: No
  • Default: null. Default settings apply

If set to true, the library will throw an exception if validation fails.


Be sure to use `try/catch' if you plan to handle exceptions 😉

If exceptions are enabled, you will get a ValidationException exception after a validation failure. Otherwise, false will be returned.