How do I get a Telegram bot token for Hermes?

Open Telegram, message @BotFather, send /newbot, pick a display name and a username ending in 'bot', and BotFather returns an HTTP API token. Store that token in your secrets manager and reference it from the Hermes Telegram channel config.

How do I stop strangers from using my Hermes Telegram bot?

Set a per-sender allowlist containing only your numeric Telegram user ID (get it from @userinfobot). Hermes silently ignores messages from any account not on the list. In group chats, run mention-only so the bot replies only when explicitly addressed.

Can Hermes run in a Telegram group?

Yes. Add the bot to the group, disable privacy mode in BotFather if you need it to see all messages, and run mention-only so it responds just when tagged. Keep the allowlist on so only approved members can trigger actions.

Last updated: 2026-06-01

Hermes Channel Setup: Telegram

Telegram is the fastest way to put Hermes in your pocket: create a bot, paste a token, lock it to your account, and you can delegate to your agent from anywhere while it works on a server back home. This guide covers the five-minute setup and — just as importantly — the allowlist that keeps strangers out.

1. Create a bot with BotFather

In Telegram, search for @BotFather (the official bot, blue checkmark) and start a chat.
Send /newbot. Choose a display name (e.g. "My Hermes") and a username ending in bot (e.g. my_hermes_bot).
BotFather replies with an HTTP API token that looks like 123456789:ABCdefGhIJKlmNoPQRstuVWxyz. Treat it like a password.

2. Wire the token into Hermes

Store the token in your secrets manager or an environment variable — not in a config file committed to git — and point the Telegram channel at it. In the Hermes config the Telegram channel needs the bot token and the allowlist (next step). After saving, restart the daemon so it picks up the new channel.

Keep the token out of chat and git

Anyone with the bot token can impersonate your bot. Store it in env/secrets, rotate it (BotFather → /revoke) if it ever leaks, and never paste it into a channel the agent reads. See the security guide for key hygiene.

3. Lock it down with an allowlist

A fresh bot will talk to anyone who finds it. Fix that before doing anything real:

Get your numeric Telegram user ID: message @userinfobot, which replies with your ID.
Add that ID to the Telegram channel's allowlist in the Hermes config. Hermes silently drops messages from any account not on the list.
Restart and confirm: message the bot from your account (it replies), then have a friend message it (it ignores them).

4. Running in a group

Add the bot to the group and, if it needs to read all messages (not just commands), disable privacy mode in BotFather (/setprivacy → Disable).
Run mention-only. Configure the agent to respond only when explicitly mentioned, so it doesn't reply to every message or leak data to the whole group on a stray trigger.
Keep the allowlist on. Only approved members should be able to issue commands, even inside a trusted group.

Troubleshooting

Bot doesn't reply: confirm the daemon is running, the token is correct, and your user ID is on the allowlist (the most common cause of silent non-replies).
Replies in DM but not group: privacy mode is on — disable it in BotFather, or address the bot with its @username.
Replies to everyone in a group: mention-only isn't enabled — turn it on so it only answers when tagged.

More fixes in the Hermes troubleshooting guide.