Telegram is changing MTProto

⎯ TL;DR

Telegram is gradually shifting MTProto: new transport flags, session-string encoding changes, rate-limit standardization.
Most changes are backward compatible, but come with a deprecation window. If you don't migrate in time, your client starts getting warnings, then rejections.
Key risk zones: auth.importAuthorization being deprecated, new flood headers, changes to channels.GetParticipants pagination.
Libraries (telethon / pyrogram) update with a 2-4 week lag after the ANO. If you use your own fork — track it yourself.
TG:ON updates automatically on the service side — clients don't feel migrations.

Telegram publishes MTProto changes through API Layers. Each layer is an increment: methods are added, some are marked deprecated, schema types change. The current layer (at the time of publication) is ~180.

Most updates are soft. Telegram rarely breaks backward compatibility in a single day. The typical flow: a new method appears → the old one is marked deprecated → the deprecated one keeps working for another 6-12 months → then it's removed.

But in 2026, a major consolidation is expected — several transitions at once, which collectively will make old custom clients unusable. Here's what specifically.

01 · Session encoding

Session-string v2: what's changing

A session-string is a serialized auth key your client uses to log into Telegram without re-authenticating. Historically, different clients used different formats: telethon — pickle+base64, pyrogram — custom binary.

Telegram is moving to a standardized format with backward compatibility. The new format contains:

Version tag (1 byte) — for future migrations
DC id + auth_key (256 bytes) — as before
Device fingerprint metadata — app_version, device_model, system_version are stored in the session-string (not set per-call)
Creation timestamp — for aging detection

# New structure (pseudo)
session_v2 = {
    "version": 2,
    "dc_id": 4,
    "auth_key": <256 bytes>,
    "fingerprint": {
        "device_model": "iPhone 15",
        "app_version": "10.8.0",
        "system_version": "iOS 17.4",
        "lang_code": "en"
    },
    "created_at": 1714800000
}
        

What breaks: clients that used to generate session-strings and pass the fingerprint on every connection now need to embed the fingerprint into the session itself. Otherwise — Telegram returns AUTH_KEY_UNREGISTERED.

02 · Rate limits

New flood headers: more granular rate-limiting

The classic FLOOD_WAIT_X is Telegram's single way to say "hold on". The new scheme introduces differentiated headers:

Header	What it means	Mitigation
`FLOOD_WAIT_X`	General rate limit (as before)	Wait X seconds
`FLOOD_PREMIUM_WAIT_X`	Limit on actions in a premium context	Apply to premium targets
`FLOOD_PEER_WAIT_X`	Limit on messages to a specific peer	Pause for that peer only
`SLOW_MODE_WAIT_X`	Restriction in a group with slow mode	Respect group's slow mode

The split gives Telegram the ability to throttle in a targeted way without blocking the whole account. For clients it means: you need to distinguish FloodWait types and handle them accordingly.

03 · Deprecations

Endpoints on the way out

Based on observed deprecation patterns, the following methods are in the risk zone:

auth.importAuthorization — used to transfer a session between DCs. Being replaced by server-side automatic DC affinity.
channels.GetParticipants with the ChannelParticipantsRecent filter — returned the last N participants. Being replaced by channels.GetStatistics for aggregations.
messages.SearchGlobal — global search across all chats. Being tightened — will be available only to Premium accounts.

If you use channels.GetParticipants for scraping, get ready for restrictions. A possible workaround: pull participants through the discussion group (if one exists) or via GetMessageReactionsList.

04 · Migration

What to do for clients on telethon / pyrogram

If you have your own fork of a popular Python library:

Update to latest — the library author usually patches new layers within 1-3 weeks. Follow GitHub releases.
Migrate session storage — if you cache session-strings in your DB, you'll need to regenerate all sessions under the v2 format.
Distinguish FloodWait subtypes — instead of a single except FloodWait, use 3-4 different ones with matching handling.
Log warnings — Telegram often ships non-fatal warnings for deprecated methods. If you don't log them, you'll miss the upcoming deprecation.

If TDLib

Updating TDLib automatically pulls all schema changes. Usually just git pull && rebuild. Session format changes are most often transparent (the library re-encodes in the background).

If SaaS

Ask your vendor: "when is the migration to the new MTProto layer planned?". A normal answer is "already done, clients didn't notice". If the answer is "someday in the future" — red flag.

05 · TG:ON approach

Why migrations don't worry us

Our MTProto client is written at the level of a custom TDLib fork + our own schema layer. API changes are handled centrally:

We monitor Telegram's GitHub and core.telegram.org daily
We beta-test new layers on test accounts 1-2 weeks before prod rollout
Pushing updates to clients is transparent, via desktop auto-update
Session storage is on our side — reconversion on first connect

For the user this means: you don't think about MTProto. Telegram changes a layer → you don't notice.

"MTProto changes 2-3 times a year. For a self-built client that's 2-3 downtime windows. For a SaaS with the right team — zero."

⎯ no migration pain

MTProto is our problem.
Just use the pipeline.

TG:ON updates automatically. You don't get distracted by session-string v2, new flood headers, or deprecated endpoints. 3-day trial — check the stability.

Start trial

Session-string v2: what's changing

New flood headers: more granular rate-limiting

Endpoints on the way out

What to do for clients on telethon / pyrogram

If TDLib

If SaaS

Why migrations don't worry us

TG:ON for macOS · Windows · Linux

MTProto is our problem.Just use the pipeline.

MTProto is our problem.
Just use the pipeline.