Why is initData passed as URL anchor (#), why not just add to params?

[itekhi]

Hi Telegram team, love you <3

I can't get my head around why does Telegram pass MiniApp initData to URL hash (#) rather than just add it to URL params?

This requires developers to perform an initial API request using JS to authenticate the user (after page is loaded, on any page)...
If the initData was added to params, we could authenticate the user on the first HTTP request, or if it fails - just respond with 403.

Yes you need to do some params merging, but isn't it a matter of checking if MiniApp URL has ? in it or not, then add initData with either ? or & at the front?

[itekhi]

Oh wow, kinda embarrassing... I realized, that I totally forgot, that the API is probably supposed to respond to the initial request with a Set-Cookie header, containing the API's own auth token (with expiry, of a day or two, right?)...
Therefore the front end, if still has the auth cookie, doesn't even need to send that initial request...