Binds a temporary authorization key temp_auth_key_id to the permanent authorization key perm_auth_key_id. Each permanent key may only be bound to one temporary key at a time, binding a new temporary key overwrites the previous one.

For more information, see Perfect Forward Secrecy.

boolFalse#bc799737 = Bool;
boolTrue#997275b5 = Bool;
auth.bindTempAuthKey#cdd42a05 perm_auth_key_id:long nonce:long expires_at:int encrypted_message:bytes = Bool;


Name Type Description
perm_auth_key_id long Permanent auth_key_id to bind to
nonce long Random long from Binding message contents
expires_at int Unix timestamp to invalidate temporary key, see Binding message contents
encrypted_message bytes See Generating encrypted_message



Possible errors

Code Type Description
400 ENCRYPTED_MESSAGE_INVALID Encrypted message is incorrect
400 INPUT_REQUEST_TOO_LONG The request is too big
400 TEMP_AUTH_KEY_ALREADY_BOUND The passed temporary key is already bound to another perm_auth_key_id
400 TEMP_AUTH_KEY_EMPTY The request was not performed with a temporary authorization key

Generating encrypted_message

The client begins by creating a special binding message:

Binding message contents

bind_auth_key_inner#75a3f765 nonce:long temp_auth_key_id:long perm_auth_key_id:long temp_session_id:long expires_at:int = BindAuthKeyInner;
nonce long Random long
temp_auth_key_id long Temporary auth_key_id
perm_auth_key_id long Permanent auth_key_id to bind to
temp_session_id long Session id, which will be used to invoke auth.bindTempAuthKey method
expires_at int Unix timestamp to invalidate temporary key

Encrypting the binding message

This binding message is encrypted in the usual way, but with MTProto v1 using the perm_auth_key. In other words, one has to prepend random:int128 (it replaces the customary session_id:long and salt:long that are irrelevant in this case), then append the same msg_id that will be used for the request, a seqno equal to zero, and the correct msg_len (40 bytes in this case); after that, one computes the msg_key:int128 as SHA1 of the resulting string, appends padding necessary for a 16-byte alignment, encrypts the resulting string using the key derived from perm_auth_key and msg_key, and prepends perm_auth_key_id and msg_key to the encrypted data as usual.


Once encrypted_message is ready, an auth.bindTempAuthKey request is sent to the server using temp_auth_key and temp_session_id. Don't forget to rewrite client info using initConnection when the binding is completed.

Bots can use this method

Related pages

Perfect Forward Secrecy

Binding temporary authorization key to permanent ones.


A basic bare type, elements of which correspond to two-element sequences, representing 64-bit signed numbers (little-endian).

More on basic types »


A basic bare type, the values of which correspond to single-element sequences, i.e. numbers from -2^31 to 2^31-1 which in this case represent themselves.

More on basic types »

Mobile Protocol: Detailed Description

Calling API Methods

Additional options for calling methods.


Initialize connection