Production go-live checklist for MPChat bots (security, retries, logging, smoke test)

What to verify before shipping an MPChat bot: token and webhook security, rate-limit retries, log redaction, high-risk API approvals, and a 5-step smoke test.

Tick every box before go-live. Most production incidents come from leaked tokens, missing retries, or auto-executing high-risk methods.


Overview

A pre-launch checklist grouped by concern. Pair it with the smoke test at the end.

Token security

  • Token only in secret management / environment variables, never in the repo.

  • Separate tokens for production and test bots.

  • CI/CD injects secrets; nothing printed to build logs.

  • A documented token-leak rotation SOP exists.

Webhook security

  • HTTPS public URL.

  • secret_token set and the X-MpChat-Bot-Api-Secret-Token header validated.

  • The webhook endpoint does not expose admin interfaces.

  • Verify in a test environment before running setWebhook on production.

Rate limits and retries

  • Client-side throttle at or below 30 req/s per token.

  • Exponential backoff on 429 and 500; no retry on 400/401/403; reconcile polling vs webhook on 409.

  • Bound concurrency for batch operations.
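The two checks above that are easiest to get subtly wrong are the webhook secret-header validation and the 429/500 vs 400/401/403 vs 409 retry rule. The following is an added illustration written for this checklist, not MPChat's SDK or sample code; the header name is the one the checklist cites, while the base delay, cap and attempt count are assumed values you would tune to your own limits.

```python
import hmac
import random
import time

SECRET_HEADER = "X-MpChat-Bot-Api-Secret-Token"  # header named in the checklist


def webhook_request_authentic(headers: dict, expected_secret: str) -> bool:
    """True only if the secret header is present and matches.

    Header lookup is case-insensitive; the comparison is constant-time so the
    secret cannot be recovered from response timing. Never log `presented`.
    """
    presented = next((v for k, v in headers.items() if k.lower() == SECRET_HEADER.lower()), None)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected_secret.encode())


def classify_response(status: int) -> str:
    """Map an API status code to the action the checklist prescribes."""
    if 200 <= status < 300:
        return "ok"
    if status in (429, 500):
        return "retry"        # transient: back off, then try again
    if status in (400, 401, 403):
        return "fail"         # bad request or bad token: a retry cannot help
    if status == 409:
        return "reconcile"    # polling and webhook both active: fix the setup
    return "fail"             # unlisted codes are treated as non-retryable


def backoff_seconds(attempt: int, base: float = 0.5, cap: float = 30.0, rng=random.random) -> float:
    """Exponential backoff with full jitter (assumed base/cap), never above `cap`."""
    return min(cap, base * (2 ** attempt)) * rng()


def call_with_retry(do_request, max_attempts: int = 5, sleep=time.sleep, rng=random.random):
    """Run `do_request()` (returns an HTTP status) under the policy above.

    Returns (last_status, action). `sleep` and `rng` are injectable for tests.
    """
    status = None
    for attempt in range(max_attempts):
        status = do_request()
        action = classify_response(status)
        if action != "retry":
            return status, action
        sleep(backoff_seconds(attempt, rng=rng))
    return status, "exhausted"  # bounded: a hot loop on 429 would make the limit worse
```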

Log redaction

  • No token, full initData, or sensitive user fields in logs.

  • Error reporting has redaction rules.

  • Access logs do not store the full webhook URL with its secret.

High-risk APIs (DocOnly, require approval + rollback)

  • logOut, leaveChat, deleteMessage(s), banChatMember, setWebhook, deleteWebhook.

  • Deployment pipelines contain no automatic calls to these.

  • The runbook records the approver and rollback steps.

Smoke test

  1. getMe — token valid.

  2. getWebhookInfo — URL correct.

  3. Simulate a user message — webhook receives the update.

  4. sendMessage — reply succeeds.

  5. (If applicable) initData verification passes.

Related

Also verify idempotency: assess the business side effects of a repeated sendMessage, and persist a webhook update before returning 200.