Security

HighLevel Private Integration Tokens are encrypted with AWS KMS before storage. Tokens are decrypted only when the API needs to perform a HighLevel request for your tenant.

You can choose approval mode, where non-read actions require Telegram confirmation, or full-access mode, where the agent can run permitted HighLevel actions directly. Approval mode helps protect against accidental changes and prompt-injection attempts from chat messages, images, documents, voice notes, or HighLevel data.

We log tool calls with redacted arguments where appropriate. We avoid logging plaintext tokens. S3 is used for Telegram media, generated CSVs, and exports.
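A minimal sketch of how an approval gate and redacted tool-call logging can fit together, added here as an illustration and not taken from the product's own code. The action names, mode strings, key list and token pattern are all hypothetical assumptions.

```python
import re

# All names and values below are hypothetical, constructed for this example.
READ_ONLY_ACTIONS = {"contacts.search", "contacts.get", "calendars.list"}
SENSITIVE_KEYS = {"token", "authorization", "api_key", "password"}
# Assumption: long opaque strings in free text are treated as possible secrets.
TOKEN_PATTERN = re.compile(r"[A-Za-z0-9_\-]{24,}")


def redact(value, key=""):
    """Return a copy of value that is safe to write to a log."""
    if key.lower() in SENSITIVE_KEYS:
        return "[REDACTED]"  # drop the whole value, whatever its type
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return TOKEN_PATTERN.sub("[REDACTED]", value)
    return value


def dispatch(action, args, mode, approved_by_user, log):
    """Return 'executed' or 'pending_approval' for one tool call.

    The decision uses only the action name, the tenant's mode and an
    out-of-band approval flag, never text the model read or produced,
    so injected instructions cannot talk their way past the gate.
    """
    # Fail closed: any mode other than full access, and any action not on
    # the read-only allowlist, requires explicit confirmation.
    needs_approval = mode != "full_access" and action not in READ_ONLY_ACTIONS
    if needs_approval and not approved_by_user:
        status = "pending_approval"
    else:
        status = "executed"
    log.append({"action": action, "args": redact(args), "status": status})
    return status
```

Because the read-only set is an allowlist, an action the gate has never seen is treated as a write and held for confirmation.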

You should create a HighLevel token with only the scopes you want this assistant to use. You can revoke or rotate the token from HighLevel at any time.