Skip to Content
Profiles & AccountsTelegram Session String

Generating a Telegram Session String

To connect a Telegram profile in Community Swarm, you need a session string — a portable, encoded representation of an authenticated Telegram session. This string allows Community Swarm to operate as your Telegram account without requiring you to re-enter verification codes on every startup.

Session strings are generated using either Telethon or Pyrogram, two popular Python libraries for the Telegram API. Both produce a valid session string that Community Swarm accepts.

Prerequisites

Before generating a session string, make sure you have:

  1. Telegram API credentials (api_id and api_hash) — If you don’t have these yet, follow the Telegram API Setup guide first.
  2. Python 3.8 or later installed on your computer.
  3. pip (Python’s package manager) — included with most Python installations.

You can check your Python version by running python3 --version (or python --version on Windows) in your terminal. If Python is not installed, download it from python.org .

Generate Your Session String

Choose either Telethon or Pyrogram — both produce a valid session string. Use whichever you prefer.

Install Telethon

Open your terminal and run:

pip install telethon

Create the script

Create a new file called generate_session.py and paste the following code:

from telethon.sync import TelegramClient
from telethon.sessions import StringSession
 
api_id = int(input("Enter your API ID: "))
api_hash = input("Enter your API Hash: ")
 
with TelegramClient(StringSession(), api_id, api_hash) as client:
    print("\n" + "=" * 60)
    print("YOUR SESSION STRING (copy everything below):")
    print("=" * 60)
    print(client.session.save())
    print("=" * 60)

Run the script

python generate_session.py

The script will prompt you for:

  1. API ID — Your numeric api_id from my.telegram.org 
  2. API Hash — Your 32-character api_hash
  3. Phone number — The phone number associated with your Telegram account (include country code, e.g., +15551234567)
  4. Verification code — Telegram will send a code to your Telegram app. Enter it when prompted.
  5. 2FA password — If your account has two-factor authentication enabled, enter your password when prompted.

Copy the session string

After successful authentication, the script will output your session string — a long string of characters starting with 1. Copy the entire string exactly as shown between the separator lines.

The session string is typically a single long line with no spaces or line breaks. Make sure you copy the complete string without accidentally truncating it.

Adding to Community Swarm

Once you have your session string, add it to your profile:

Go to the Profiles page

Log in to your Community Swarm dashboard and navigate to Profiles in the sidebar.

Open the credentials dialog

Find your Telegram profile and click the three-dot menu (⋮) → Credentials.

Paste the session string

Paste your session string into the Session String field. Make sure the entire string is pasted without any extra spaces or line breaks.

Save

Click Save Credentials. Community Swarm will encrypt and store the session string immediately. Your profile is now ready to connect.

Your session string is encrypted immediately. Community Swarm encrypts all credentials using AES-256-GCM before storing them in the database. The session string is never stored in plaintext and is only decrypted when the userbot service needs to establish a connection.

Security Best Practices

  • A session string provides full access to your Telegram account. Anyone with it can read and send messages, join groups, and modify account settings. Treat it like a password.
  • Generate session strings only on trusted devices. Do not run the script on shared or public computers.
  • Delete the script after use. Once you have your session string saved in Community Swarm, remove the generate_session.py file from your computer.
  • Do not share session strings in public channels, repositories, or documents.
  • Use dedicated accounts for Community Swarm rather than your personal Telegram account.
  • Monitor active sessions. In Telegram, go to Settings > Devices to see all connected sessions. You can terminate suspicious sessions from there.

Troubleshooting

”FLOOD_WAIT_X” error

Telegram has rate-limited your requests. The X indicates how many seconds you must wait before trying again. Wait the specified time and re-run the script.

”Invalid api_id” or “Invalid api_hash” error

Verify that your API credentials are correct by logging into my.telegram.org . The api_hash must be exactly 32 hexadecimal characters with no extra spaces.

”PhoneCodeInvalid” error

The verification code you entered was incorrect or expired. Re-run the script and enter the new code promptly — codes expire after approximately 60 seconds.

”SessionPasswordNeeded” error

Your account has two-factor authentication enabled. Enter your 2FA password when the script prompts you. If you’ve forgotten it, you’ll need to reset it through Telegram’s settings.

”AUTH_KEY_UNREGISTERED” or session expired

The session string has become invalid. This can happen if you terminated all active sessions from Telegram settings, or if Telegram invalidated the session. Generate a new session string by re-running the script.

”PhoneNumberBanned” error

The Telegram account associated with this phone number has been banned. You will need to use a different account or contact Telegram support to appeal.

Last updated on
Telegram API SetupManaging Profiles