Telethon sessions encode the full authentication state of a Telegram client — the authorization key, server addresses, and account identity. By default, Telethon writes this state to a local SQLite file. In a containerized environment that file disappears with the container, forcing the user to re-authenticate on every restart. Telegram Connector replaces the local file strategy with an S3-backedDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/OPENNOVA2026/telegram-connector/llms.txt
Use this file to discover all available pages before exploring further.
SessionManager that loads session data on startup and saves it back on shutdown, keeping authentication state durable across deployments.
How it works
TheSessionManager class in src/domain/session_manager.py owns the full lifecycle of a Telethon StringSession. At boot time the FastAPI lifespan handler calls session_manager.load(); at shutdown it calls session_manager.save().
Load on startup
session_manager.load() calls s3_client.get_object() targeting the configured bucket and key. Three outcomes are possible:- Object found and non-empty — the raw string is deserialized into a
StringSessionand stored on the manager. The Telethon client is initialized with this session and is immediately authenticated without any OTP flow. - Object empty — a fresh
StringSession()is created. The client will need to sign in before it can perform any operations. NoSuchKey/404error — the key does not exist yet (first run). A freshStringSession()is created, identical to the empty case above.
ClientError (permissions problem, unreachable bucket, etc.) is re-raised immediately, preventing a misconfigured service from starting in a broken state.Persist after sign-in
Once the user completes the Telegram sign-in flow via the REST API,
client.persist_session() first calls session_manager.update_from_client(self.session) — which snapshots the live Telethon session into a fresh StringSession — and then immediately calls session_manager.save() to write it to S3. This ensures the authenticated session is durable even if the container is replaced before a clean shutdown.Save on shutdown
When FastAPI’s
lifespan context exits (graceful shutdown), session_manager.save() serializes the current StringSession via session.save() and uploads the resulting string to S3 as UTF-8 plain text with ContentType: text/plain. The next startup will find this object and skip re-authentication.update_from_client is intentional — it snapshots the session at a known point rather than holding a live reference that Telethon might mutate:
S3 key structure
All session objects share a predictable key layout inside the configured bucket:SESSION environment variable (default: teleapp) acts as a namespace. This means a single S3 bucket can host sessions for multiple independent connector instances — each with its own SESSION value — without any key collisions.
Example: with SESSION=production-bot and AWS_S3_SESSION_BUCKET=my-telegram-sessions, the session object lives at:
Required AWS permissions
The IAM principal used by the service needs only two S3 actions, scoped to the target bucket and key prefix:| Permission | When it is used |
|---|---|
s3:GetObject | session_manager.load() on startup — fetching the persisted session string |
s3:PutObject | session_manager.save() on shutdown and after sign-in — writing the updated session string |
my-telegram-sessions looks like this:
s3:ListBucket, s3:DeleteObject, or other actions are required by the session manager.
Using a local S3-compatible store (MinIO)
For local development or self-hosted environments you can point Telegram Connector at any S3-compatible store. MinIO is a common choice. Set the following variables in your.env:
S3Client in src/clients/s3_client.py passes endpoint_url directly to boto3.client(), so any store that implements the S3 API will work as a drop-in replacement for AWS S3.