What messengers does Bondify support?
What messengers does Bondify support?
Telegram is live today. WhatsApp and Discord are on the roadmap and are coming soon. All existing SDKs are designed to accommodate additional channels — you will not need to rewrite your integration when new platforms launch.
Do my users need to have Telegram?
Do my users need to have Telegram?
Yes — for Telegram-based authentication, your users must have a Telegram account and the Telegram app installed. Future support for WhatsApp and Discord will similarly require the respective app. Bondify is designed as a messenger-native auth layer rather than an email or SMS fallback.
Is Bondify secure?
Is Bondify secure?
Yes. Every authentication session produces a cryptographic proof signed with HMAC-SHA256 using your project’s secret key. The proof is a signed JWT that cannot be forged or replayed. You verify it server-side with
verifyProof() before creating any session — meaning even if a client-side value is manipulated, it will not pass server-side verification. Bondify also uses replay protection: each proof can only be verified once.Can I try Bondify for free?
Can I try Bondify for free?
Yes. The Starter plan is permanently free — no credit card required, no trial expiry. It includes 1,000 monthly authentication events, one project, and access to all SDKs and webhooks. You can build and ship a production integration without spending anything.
How long do sessions last?
How long do sessions last?
A Bondify auth session expires after 10 minutes if it is not confirmed by the user in Telegram. The session status moves to
expired and any ongoing polling receives that status in response. The 10-minute server-side expiry is fixed and cannot be overridden — plan your UI accordingly by surfacing a clear timeout message or a retry button when expiry is detected.What happens if a user cancels the login?
What happens if a user cancels the login?
If the user taps Cancel in the Telegram bot message, the session status immediately moves to
cancelled. The SDK surfaces this as an error callback or a rejected promise depending on how you have set up your integration. Your polling loop exits automatically when cancelled is received. Show the user a friendly, non-alarming message and give them the option to try again — cancellation is a deliberate action, not a system error.Can I use Bondify without React?
Can I use Bondify without React?
Yes. You have two non-React options:
- HTML widget (CDN) — add a single
<script>tag pointing to the Bondify CDN build. The widget renders a sign-in button with no framework required. - REST API directly — call the Bondify API to create and poll sessions from any server-side or non-React environment. Refer to the API reference for the session creation and verification endpoints.
@bondify/react) is a convenience layer on top of the same underlying JavaScript SDK — if you are not using React, the lower-level SDK or direct API calls are the correct path.Is the proof safe to send from the client to my server?
Is the proof safe to send from the client to my server?
Yes. The proof is a signed JWT produced by Bondify’s backend. It is safe to transmit over HTTPS from your frontend to your backend — it cannot be forged or modified without invalidating the signature. However, you must still call
verifyProof() on your server before trusting it. Transmitting the proof securely is not the same as trusting it — verification is what establishes trust.What should I do if my secret key is compromised?
What should I do if my secret key is compromised?
Rotate it immediately. Go to the Bondify dashboard, open the relevant project, and click Regenerate key. A new secret key is generated instantly; the old one becomes invalid at the same moment. Then update your server environment variable (
BONDIFY_SECRET_KEY) and redeploy. Any proof tokens signed with the old key will begin failing verifyProof() immediately, so rotate and redeploy as quickly as possible to minimise disruption.Does Bondify store my users' Telegram messages?
Does Bondify store my users' Telegram messages?
No. Bondify never reads or stores Telegram messages. When a user confirms a login through the Bondify bot, the only data the platform receives and stores is the user’s Telegram ID, display name, and username (if set). No message content, contacts, or other account data is ever accessed.
Can I have multiple projects?
Can I have multiple projects?
Pro and Business plans support unlimited projects — you can create as many as you need, each with its own project ID, secret key, and webhook URL. The Starter plan supports one project. If you are building multiple apps on Starter, you will need to upgrade to Pro to give each app its own isolated configuration.
How do I get support?
How do I get support?
Support availability depends on your plan:
You can reach the community at bondify.dev/contact.
| Plan | Support channel | Response time |
|---|---|---|
| Starter | Community (GitHub Discussions, forums) | Best effort |
| Pro | Email support | 12-hour SLA |
| Business | Dedicated support contact | Priority queue |