Telegram notifications in n8n workflows

Telegram notifications in n8n

I use n8n every week to glue systems together. Notifications are a small part of that, but when they fail you lose sight of what the automation is doing. This is how I set up Telegram alerts, keep the bot locked down, test delivery, and decide when Telegram is the wrong channel.

Why I use it for alerts

n8n workflows are node-based automations that run on a server or cloud instance. A workflow takes input, runs logic, and sends output. I treat notifications as part of the operational surface area. If the alert path breaks, the job may still run, but you will not know about it.

I keep alerts in short, single-purpose workflows. One workflow watches a log file and sends a Telegram message when a specific error appears. That keeps the notification logic separate from the main processing and makes failures easier to spot.

Message content and privacy

Notifications should be short, useful, and safe to send. A message that includes sensitive data should not go out in clear text on an unencrypted channel. I split alerts into two groups: status alerts and incident alerts. Status alerts are routine. Incident alerts may include identifiers or error traces, so they need more care.

Keep secrets out of the message text. If a notification needs to point at private data, send a short-lived token or a URL that requires authentication.

Telegram in practice

Telegram is handy because the Bot API is simple and supported by automation tools. n8n has a Telegram node and community nodes that can send messages, photos, or markdown-style text. For quick alerts, it is low friction. For sensitive content, I use it as a trigger that points to a secure UI rather than a place to dump logs.

If end-to-end encryption is a hard requirement, pick a different channel. Telegram supports secret chats for user-to-user encryption, but bot messages are not end-to-end encrypted.

Setting up the bot

  1. Open Telegram and message @BotFather.
  2. Send /newbot and follow the prompts. Pick a clear name and a short username ending in bot. BotFather returns an HTTP token that looks like 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11.
  3. Store the token in your secrets store. I put it in an environment variable on the n8n host, not in the workflow JSON.

Set a bot description and command list with BotFather if you want easier testing later. It saves a bit of faff.

Configuring n8n

  1. In n8n, open Credentials and create a new Telegram Bot credential. Paste the token from BotFather.
  2. Create a workflow and add a trigger node, for example an HTTP Request or Cron node.
  3. Add the Telegram node and choose the credential you created.
  4. Configure the Telegram node:
  • Resource: Message
  • Operation: Send Message
  • Chat ID: use your own chat id for testing. You can get it by messaging the bot and using getUpdates on the Bot API, or by using a small test node that calls getUpdates.
  • Text: keep it under 4,096 characters. Use concise content and avoid secrets.

Example n8n node data for a simple send:

  • chatId: 123456789
  • text: Service X: error count > 50. Check https://status.example.com/incident/123

I keep messages short and link to a secure dashboard rather than embedding sensitive data.

Testing the integration

  1. Trigger the workflow manually from the editor.
  2. Check that the message arrives in Telegram within a few seconds.
  3. If nothing arrives, open the workflow execution log in n8n. Look for HTTP response codes from the Telegram API. A 401 usually means a bad token. A 400 often means an invalid chat id or malformed message.

Change the message text to something obvious, such as n8n test: 2025-11-02 12:00, trigger it again, and check that the timestamp matches. That proves the send path and rules out timing confusion.

Common failures

  • Bad token: BotFather token copied incorrectly. Use a fresh paste from the secrets store.
  • Wrong chat id: chat ids for groups and channels can be negative or prefixed. For private chats, use the numeric id returned by getUpdates.
  • Rate limits: Telegram enforces limits. If your workflow sends bursts, add a small delay node or queue messages.
  • Formatting errors: Telegram supports markdown and HTML. If the markup breaks, switch to plain text and check the message content.

If the workflow shows a successful HTTP 200 but no message arrives, check whether the bot has been blocked or removed from the group.

Security settings

I lock Telegram notifications down in three ways.

  1. Secrets handling

    • Keep the bot token in an environment variable or a vault. Do not hard-code it in workflows or JSON exports.
    • Rotate the token yearly or after any suspicious activity.
  2. Minimal permissions

    • Only add the bot to the chats that need it. Use private chats for operational alerts.
    • Avoid large groups where the message can be read by many people.
  3. Message hygiene

    • Strip sensitive fields from messages. Use placeholders and send a secure link for details.
    • When a workflow needs to send logs, upload them to a secure location with a short-lived link and send only the link.

If you need higher confidentiality, treat Telegram as a trigger to open a secure channel rather than somewhere to store secrets. That keeps the notification surface small.

Other options

Telegram is quick to set up, but it is not always the right choice. Other options are worth a look:

  • WhatsApp Business API: wide reach and end-to-end encryption in normal chats, but setup can require a business account and vetting.
  • Matrix or Signal: better for secure messaging and privacy, but n8n integration may need extra work or bridges.
  • Email with PGP or S/MIME: practical for long-form content and attachments, but not instant.
  • Webhooks to a secure dashboard or incident management system: keeps sensitive details inside systems with access control.

For routine operational alerts, Telegram is fine. For anything with personal data or credentials, use a channel built for secure messaging or send a link that requires authentication.

Related posts

Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in...

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...