← back to blog

Telegram proxy settings, the complete setup guide for every platform

guides telegram proxies tutorials

every Telegram app has a proxy menu buried two levels deep in settings, and once you know where it lives, connecting through a proxy takes under a minute on any platform. this guide is the long version of that minute: every platform, every field, every deep-link format, the automation-library configs, and a troubleshooting matrix for each way the thing can refuse to work.

it’s written to be skimmed. jump to your platform, follow the steps, come back to the troubleshooting section if something misbehaves. the longer conceptual material (what MTProto and SOCKS5 actually are, which one your situation calls for, how free lists and IP reputation work) lives in the companion piece, MTProto vs SOCKS5 for Telegram. short version for the impatient: MTProto unblocks Telegram in censored places, SOCKS5 puts your account or automation behind a specific IP you control.

before you start: what you need in hand

a proxy connection is just a small set of values typed into a form. which values depends on the protocol.

for SOCKS5 you need four things (the last two optional but near-universal on paid services):

server:   sg2.example.com   (or an IP like 203.0.113.10)
port:     45001
username: customer_a
password: k3MvW9qXt2

providers hand these out in different shapes. you might get a colon-joined string (host:port:user:pass), a URL (socks5://user:pass@host:port), or four labelled fields in a dashboard. it’s all the same four values, and every form in this guide maps onto them. if your provider is us, they’re on your port page in the client area, in copy-paste form.

for MTProto you need three:

server: 203.0.113.10
port:   443
secret: ee1603010200010001fc0303...

though in practice you rarely type these, MTProto proxies travel as tap-to-connect links (covered in the deep links section), and typing is the fallback.

one global thing to know before any setup: Telegram’s proxy setting is app-wide, not per-account. if you’re logged into three accounts in one Telegram app, all three ride the same proxy. that single fact shapes all the multi-account patterns later in this guide, so file it away now.

and a small terminology note for the forms ahead: some clients say “hostname”, some say “server”, some say “address”. same field. some say “port” everywhere, mercifully.

iOS (iPhone and iPad)

Telegram on iOS keeps the proxy settings under data and storage. the full path:

  1. open Telegram and go to Settings (the gear in the tab bar)
  2. tap Data and Storage
  3. scroll to the Connection section and tap Proxy
  4. toggle Use Proxy on, or just tap Add Proxy, the toggle flips itself once a working proxy is selected
  5. choose the proxy type: SOCKS5 or MTProto
  6. fill the fields:
  7. Server: hostname or IP, no http:// or socks5:// prefix, the form wants the bare host
  8. Port: the number on its own
  9. for SOCKS5, Username and Password in their fields (leave blank only if your provider explicitly runs an open port, which paid ones don’t)
  10. for MTProto, the Secret string
  11. tap Done (top right)

the app connects through the new proxy immediately. you’ll see the proxy listed with a status line under it, connected with a checkmark when healthy, and a coloured dot in the proxy list showing ping. the chat list header also briefly shows “connecting via proxy…” as it switches over.

iOS-specific behaviour worth knowing:

  • the proxy applies inside Telegram only. Safari, your mail, other apps are untouched. iOS does have system-wide proxy settings per wifi network, but that’s a different mechanism entirely and not what Telegram’s menu controls. for account-management work this containment is exactly what you want.
  • it persists across app restarts and reboots. set once, it stays until you toggle Use Proxy off or delete the entry.
  • multiple proxies can be saved. they stack in a list; tap one to make it active. there’s no automatic failover, switching is manual (Telegram will, however, show ping next to each so you can pick the healthy one).
  • Use Proxy for Calls is a separate toggle at the bottom of the proxy screen, off by default. leave it off unless you specifically need calls routed through the proxy; calls are latency-sensitive and the toggle exists precisely because most people shouldn’t.
  • sharing: long-press (or tap the info icon on) a saved proxy and you can share it as a link, the same t.me/socks and t.me/proxy formats covered later.

a quirk that catches people on corporate or school wifi: if the network itself blocks the proxy port outbound, Telegram just sits at “connecting…”. flip to cellular data for a moment to confirm it’s the network and not your config, the troubleshooting matrix covers this branch in detail.

Android

same concept, slightly different path and a couple of extra conveniences:

  1. open Telegram, tap the hamburger menu (three lines, top left), then Settings
  2. tap Data and Storage
  3. scroll to Proxy (in the connection section) and tap Proxy Settings
  4. toggle Use Proxy on and tap Add Proxy
  5. pick SOCKS5 or MTProto at the top of the form
  6. fill server, port, and username/password (SOCKS5) or secret (MTProto), same field rules as iOS: bare hostname, no scheme prefix
  7. tap the checkmark (top right) to save

connected state shows under the proxy entry, with ping times listed next to each saved proxy, green when responsive. Android shows a small shield icon in the chat list header while a proxy is active, tapping it jumps straight to proxy settings, which is the fastest route back when you switch often.

Android-specific notes:

  • proxy applies to the Telegram app only, same containment as iOS. (if you got your “proxy” as an APK that claims to proxy your whole phone, that’s a VPN app, different thing, and on the free tier usually an adware-laden one. Telegram’s built-in menu needs no extra app.)
  • multiple saved proxies + ping display make Android the comfiest platform for the free-MTProto-list lifestyle: paste in three or four, glance at pings, tap the healthiest.
  • battery optimizers are the hidden enemy. aggressive OEM battery managers (the usual suspects: some Xiaomi, Huawei, Oppo builds) can kill Telegram’s background connection through a proxy and make it look like the proxy is flaky when it’s the OS strangling the socket. if Telegram-behind-proxy works in the foreground but messages only arrive when you open the app, whitelist Telegram from battery optimization and retest before blaming the proxy.
  • Telegram X and forks: Telegram X has the same proxy support under a near-identical settings path. third-party forks vary, most inherit the feature, but if you’re doing anything serious, do it on the official app, forks add an unauditable party to your security story.
  • tablets and secondary profiles: Telegram in an Android work profile or cloned-app container keeps its own separate proxy config, which is genuinely useful, it’s the one mainstream way to run two Telegram app instances with two different proxies on one device. more in the multi-account section.

Windows and Linux (Telegram Desktop)

Telegram Desktop buries the menu one level deeper, and it’s the one platform with a third protocol option:

  1. open Settings (hamburger menu → Settings)
  2. go to Advanced
  3. under the Network and theme section, click Connection type
  4. select Use custom proxy
  5. pick the type: SOCKS5, HTTP, or MTProto
  6. fill in hostname, port, and credentials/secret
  7. save, the dialog shows the connection state and ping per saved proxy

Desktop-specific behaviour:

  • HTTP proxy support exists here and not on mobile. if your provider gives both SOCKS5 and HTTP creds on the same port (ours does), prefer SOCKS5 anyway: it’s the config that also works on your phone, and it handles UDP if you ever route calls.
  • “Use proxy for calls” is a checkbox in the same dialog, same default-off logic as mobile.
  • system proxy detection: Desktop can also run in “use system proxy settings” mode, picked up from OS network config. handy on corporate networks; for deliberate per-account work always use the explicit custom proxy so you know exactly what’s configured.
  • multiple proxies save into a list with radio-button selection, with ping shown, and Desktop is good about reconnecting fast when you switch.
  • where this matters most: Desktop is where multi-account workflows concentrate (it supports several logged-in accounts side by side), so remember the global rule, one proxy serves every account in the app. the multi-account section below deals with this properly, including the portable-instances pattern.

Linux specifics: the official Telegram Desktop from telegram.org, flathub or snap behaves identically, same menus. if you’re on a distro package that lags versions behind, and proxy connections misbehave after a Telegram-side change, try the official binary before debugging your network, packaged builds have been the culprit more than once.

macOS

two different Telegram apps exist for Mac, and their proxy menus differ, which confuses everyone at least once:

  • Telegram Desktop (the Qt app, downloadable from telegram.org or installable via homebrew): identical to the Windows/Linux instructions above. Settings → Advanced → Connection type.
  • Telegram for macOS (the native Swift app from the Mac App Store, the one with the macOS-style sidebar): Settings → General → Proxy (or the proxy shield icon when visible). add server, choose SOCKS5 or MTProto, same fields as iOS, since it shares lineage with the iOS app.

both support saved proxy lists and per-proxy status. if a guide’s screenshots don’t match what you see, you’re almost certainly in the other Mac app, check which one you actually have before re-reading menus. functionally either is fine for proxy work; pick one and stay consistent so saved proxies live where you expect them.

Telegram Web and the browser problem

here’s the platform where the in-app answer is “you can’t”: Telegram Web (web.telegram.org) has no proxy settings. the web client speaks to Telegram from your browser, so it uses whatever network path the browser uses. no menu, nothing to configure inside Telegram itself.

that’s not a dead end, it just moves the proxy one layer out, and for some workflows (anti-detect browsers especially) it’s actually the preferred shape:

  • browser-level proxy: point the browser itself at your SOCKS5 proxy. Firefox has first-class built-in SOCKS5 support with per-profile config (Settings → Network Settings → Manual proxy configuration, SOCKS v5, and tick “proxy DNS”). Chrome inherits system proxy settings unless launched with --proxy-server=socks5://host:port, and handles authenticated SOCKS5 poorly on its own, which is why the next option dominates in practice.
  • proxy-per-profile browser tooling: anti-detect browsers (AdsPower, Multilogin, GoLogin and the rest) exist to bind a proxy plus a consistent fingerprint to each browser profile. a Telegram Web session inside such a profile rides that profile’s proxy. this is the cleanest way to get different proxies under different Telegram Web sessions on one machine, where the native apps’ app-wide proxy rule would force one IP for everything.
  • OS-level routing (system proxy, proxifier-style apps, or a VPN): bluntest instrument, everything on the machine rides along. fine for the censorship use case, wrong for per-account separation.

one operational note: a Telegram Web session is a full login like any other. the sessions-and-IP guidance from the protocols guide applies, create the web session through the proxy it will live behind, not before adding it.

pick your scenario, then read only what you need

this guide is long because it’s complete, not because every reader needs all of it. find yourself below and jump:

  • “I just want Telegram to work where it’s blocked.” you want a free MTProto proxy, tapped from a list. read your platform’s section for where the proxy menu is, then the deep-links section (you’ll be tapping links, not typing), then the “connecting forever” troubleshooting row. skip the automation and multi-account material entirely. budget: five minutes.
  • “I run one or two extra accounts and want them on clean IPs.” you want SOCKS5 on a dedicated port. read the credentials decoder, your platform’s section, the verification ladder, and the small-cells part of multi-account. the first-24-hours walkthrough is worth your time. budget: an hour spread over a day.
  • “I’m running a real fleet of accounts.” read everything, but the load-bearing sections for you are multi-account patterns, the scaling-past-manual section, session-per-proxy discipline in the automation part, and rotation. the network mechanics you can skim; the systems-of-record discipline is where fleets actually live or die. budget: read it properly once, you’ll reference it for months.
  • “I’m building bots or scrapers.” jump to the automation libraries section for your language, then rotation (scraping wants the opposite of account work), then the geolocation section if region matters. the per-platform app instructions are mostly irrelevant to you. budget: the code sections, then go.
  • “something’s broken and I need it fixed now.” straight to the troubleshooting matrix, find your symptom, and keep the universal first move (the curl check) in mind, it halves every diagnosis. budget: ten minutes if it’s a common cause, which it usually is.

everyone else, read top to bottom; it’s ordered from concepts to platforms to code to fixing-what-broke.

app-proxy vs system-proxy vs VPN, getting the layers straight

before the per-platform steps, one conceptual thing trips up more people than any settings path: there are three different places a proxy can live, and they don’t do the same job. confusing them produces the “I set up a proxy but it’s not working / it’s affecting the wrong things” class of problem.

Telegram’s in-app proxy (what this whole guide is mostly about) routes only Telegram’s traffic through the proxy. your browser, your other apps, your system, all untouched. this is the layer you want for account work, because it’s surgical: this account’s Telegram exits here, nothing else is involved. it’s configured inside Telegram’s own settings, and it travels with your Telegram login regardless of what network the device is on.

the operating system’s proxy (iOS per-wifi-network proxy settings, Windows/macOS system proxy, Android’s per-network proxy) routes traffic for apps that honour system proxy settings, and many apps including some of Telegram’s own connection paths may or may not fully respect it depending on platform. it’s blunter and less predictable, and it’s a different menu entirely from Telegram’s. if you set a system proxy expecting it to cover Telegram, you may find Telegram ignoring it (Telegram prefers its own setting) and other apps unexpectedly riding it. for deliberate account work, don’t use the system layer for Telegram, use Telegram’s own menu so you know exactly what’s routed.

a VPN sits below everything and routes the entire device’s traffic through one tunnel. every app, one exit IP. it’s the right tool when you want all your traffic hidden or relocated and you don’t need per-app or per-account separation. it’s the wrong tool when you want this account on IP A and that account on IP B, a VPN gives the whole device one identity. (this is why “just use a VPN” is good advice for the censorship/privacy use case and useless advice for the multi-account use case.)

these layers also interact, sometimes confusingly. a VPN plus Telegram’s in-app proxy means your Telegram traffic goes device→VPN→proxy→Telegram, two hops, two exit changes, and the IP Telegram sees is the proxy’s, not the VPN’s (the in-app proxy is the last hop before Telegram). that combination is actually a legitimate pattern in censored countries, the VPN provides reachability and protocol-cover, the in-app proxy provides the account’s identity IP, but if you didn’t intend it, you get baffling results where your “Singapore proxy” account shows the right IP while everything else on the device shows the VPN’s. when debugging, always know which layers are active; turn off the ones you’re not deliberately using.

the rule of thumb that keeps it straight: for Telegram account identity, use Telegram’s in-app proxy and nothing else. reach for the system layer or a VPN only when you specifically need to relocate traffic beyond Telegram, and when you do, expect Telegram’s own setting to win for Telegram’s traffic.

three places a proxy can live a VPN, covers your whole device system proxy, apps that honour it Telegram in-app proxy Telegram traffic only use this for per-account identity
for account identity, the narrowest layer is the right one

decoding the credentials your provider actually gave you

before any settings menu, you have to translate whatever your provider sent into the four fields Telegram wants. providers are maddeningly inconsistent about format, so here’s a decoder for every shape I’ve seen handed out, because “it won’t connect” is half the time just a misread credential.

reading a colon-string credential 203.0.113.10 : 45001 : customer_a : k3MvW9qXt2 server / host port username password
the same four values, whatever shape your provider sends them in

the colon string: 203.0.113.10:45001:customer_a:k3MvW9qXt2. order is almost always host:port:user:pass. almost. a few providers (mostly older residential sellers) flip it to user:pass:host:port, which you can spot instantly because the host is a recognizable IP or domain, so if the last two segments look like an IP and a port number, it’s the flipped order. when in doubt, the segment that’s purely digits in the 1000-65535 range is the port, and the segment shaped like an IP or something.domain.tld is the host. the other two are user then pass, in that order.

the URL form: socks5://customer_a:k3MvW9qXt2@203.0.113.10:45001. standard URI layout, scheme://user:pass@host:port. strip the scheme, and everything before the @ is user:pass, everything after is host:port. this is also the exact string most command-line tools and libraries want verbatim (curl -x, HTTPS_PROXY=), so if you got a URL, keep it, you’ll paste it whole into the non-Telegram tools.

the labelled block: four named fields in an email or dashboard. easiest, no decoding, but watch for the provider using “endpoint” or “gateway” for host, “auth” for the user/pass pair, and “access port” vs “rotation port”, some give you two ports (more on that below).

two ports, one credential: many rotating-capable providers hand you a sticky port and a rotating port on the same host and login. e.g. :45001 holds one IP per session, :45002 rotates per request. for Telegram account work you want the sticky one, always. mixing them up is a common cause of “my account keeps relocating”, you accidentally configured the rotating port.

a rotation URL alongside the proxy: dedicated mobile providers (us included) often give a proxy plus a separate rotation link like https://host/rotate/<token>. that URL is not a proxy, don’t put it in Telegram, it’s something you hit in a browser or curl when you want a new IP. keep it filed separately from your connection creds so you never paste one where the other belongs.

the IP-whitelist variant: some providers skip username/password and authenticate by your egress IP instead. you’ll get host and port but blank auth, and a dashboard field where you register the IP you’ll connect from. these are great for servers with a static IP, awkward for a laptop that roams. if your “no auth” proxy refuses every connection, check whether it’s actually whitelist-auth and your current IP isn’t on the list.

get this translation right and most of the troubleshooting section never comes into play. get it wrong and you’ll fight a phantom “dead proxy” that was alive the whole time.

typing proxy details is the slow way. Telegram has URL schemes that carry the whole config, and they’re worth learning because they’re how proxies are shared, saved, and deployed to non-technical users.

the formats

SOCKS5:

tg://socks?server=sg2.example.com&port=45001&user=customer_a&pass=k3MvW9qXt2
https://t.me/socks?server=sg2.example.com&port=45001&user=customer_a&pass=k3MvW9qXt2

MTProto:

tg://proxy?server=203.0.113.10&port=443&secret=ee1603...
https://t.me/proxy?server=203.0.113.10&port=443&secret=ee1603...

the tg:// form opens the app directly; the https://t.me/ form goes via the browser (useful in email, docs, QR codes, anywhere a custom scheme might get stripped). both produce the same in-app confirmation sheet: server, port, and an enable/connect proxy button. one tap and it’s configured and active, saved into the proxy list like a manually-entered one.

parameter names are exactly as shown (server, port, user, pass, secret), and values should be URL-encoded if they contain special characters, worth remembering when you generate links programmatically for a team. building them is just string assembly, there’s no signing or registration involved.

what they’re for in practice

  • onboarding people who will never open a settings menu. sending a client or a colleague a tap-this link beats a screenshot tutorial every time. it’s also how you hand a proxy to a parent in a censored country over a voice call (“I sent you a link, tap it, tap connect”).
  • QR codes: wrap the https://t.me/... form in any QR generator and you can move a proxy config to a phone with no typing and no chat message containing credentials. several provider dashboards (ours included) render the QR next to the creds for exactly this.
  • fleet provisioning: when you maintain config docs or internal tooling for many accounts/devices, storing the canonical proxy-per-account as a link makes the “rebuild this device” path one tap long.

an obvious-but-stated caveat: a link is the credentials. anyone who sees the link can use your SOCKS5 port as you. share like you’d share a password, prefer DMs over groups, and if one leaks, have the provider regenerate creds (a ten-second operation on a sane platform).

verifying it actually works

the settings screen saying “connected” is necessary but not sufficient, it means the app shook hands with the proxy, not that the proxy is healthy, fast, or exiting where you think. the full verification ladder:

  1. the in-app state. proxy entry shows connected/checkmark, chats load, sending works. if this fails, nothing else matters, go to troubleshooting.
  2. the ping number next to the proxy in the list. it’s the round trip to the proxy server, useful for comparing saved proxies and for spotting decay over time (a proxy that pinged 40ms yesterday and 800ms today is overloaded or rerouted).
  3. confirm the exit IP. from a browser or curl routed through the same proxy, hit any what-is-my-ip service and check the address and its owner. for the browser-less: curl -x socks5://user:pass@host:port https://ipinfo.io/json returns IP, org and geolocation in one shot. you’re confirming three things: it’s not your real IP (the proxy is actually in the path), the org/ASN matches what you bought (carrier name for mobile ports, see the audit section of the protocols guide for why this matters), and the country/city is what you expect.
  4. media behaviour. send a photo to Saved Messages, then a short video. chat text can ride a struggling proxy convincingly; media is where weak ones show themselves. slow media on a fast-pinging proxy usually means bandwidth shaping or load at the exit.
  5. stability over a day. especially before committing real accounts: leave a session connected, note ping morning and evening, send media at both. flat performance across a day is the signature of a dedicated line; the evening sag is the signature of shared ones.

for one personal account this whole ladder is overkill, steps 1 and 3 suffice. for anything commercial, the ten minutes of verification beat days of “is it the proxy or is it me” later.

managing multiple proxies and switching

all platforms keep a list of saved proxies, and the active one is whichever you selected last. things the list does and doesn’t do:

  • it does persist indefinitely, show per-proxy ping, and let you share any entry back out as a link.
  • it does not auto-failover. if the active proxy dies, Telegram waits at “connecting…” rather than trying the next saved one. (the one nuance: with Use Proxy toggled off, the app just connects directly; some people deliberately keep the toggle handy as a manual bypass for proxy outages, sensible for censorship users, defeats the purpose for account isolation, where a session leaking onto your real IP is exactly what you’re paying to avoid.)
  • switching is instant-ish, a few seconds of reconnect. switching often is harmless at the network level; what it means for account risk scoring depends on what you’re switching between, same-carrier rotation reads as normal life, cross-provider careening on young accounts doesn’t (covered properly in the protocols guide).

power-user patterns: censorship users keep 3-5 fresh MTProto entries and treat the list as a manual failover bank, picking by ping. account operators do the opposite, exactly one proxy configured per app instance, deliberately, so nothing can be switched to by accident. both are correct for their threat model.

the “use proxy for calls” toggle, a short section because the answer is short

voice and video calls are realtime UDP-ish traffic, latency- and jitter-sensitive, and by default Telegram routes calls outside the proxy even when chats ride through it. the toggle (per platform, in the same proxy screens) opts calls in.

leave it off if your reason for a proxy is IP reputation or geo, calls don’t carry the signals that matter there, and call quality through any proxy is strictly worse, noticeably so on high-jitter paths.

turn it on if the proxy is hiding your traffic from the network you’re on, with the censorship caveat that call traffic patterns remain relatively distinctive to DPI even proxied.

separate but adjacent, because it’s the actual IP exposure people worry about with calls: Telegram calls between contacts default to peer-to-peer where possible, which reveals your IP to the other party (not to the network), proxy or not, on platforms where p2p applies. the fix for that lives at Settings → Privacy and Security → Calls → Peer-to-Peer → Never, forcing calls through Telegram relays. if call-related IP privacy brought you here, that setting matters more than the proxy toggle does.

third-party Telegram clients and where their proxy settings hide

the official apps are the safe default, but a lot of people run alternative clients (for extra features, for multi-account convenience, for UI preference), and every one of them puts the proxy menu somewhere slightly different. quick orientation for the common ones, with the standing caveat that a third-party client is an extra party in your security story, so run anything sensitive on the official app.

  • Telegram X (official-ish, same company): proxy lives under Settings → Data and Storage → Proxy, essentially identical to the main Android app. full SOCKS5 and MTProto support, ping display, the lot. the one alternative client I’d treat as equivalent to official.
  • Nicegram (iOS, feature-heavy fork): Settings → Data and Storage → Proxy, same lineage as official iOS so the screen matches the iOS instructions above. its extra features are unrelated to proxying; the proxy part is standard.
  • Plus Messenger (Android fork): proxy under the same Data and Storage path as stock Android, since it’s built on the official Android source. themes and category features are the fork’s additions; proxy handling is inherited and standard.
  • Swiftgram, 64-bit Telegram, and the various Android forks: nearly all inherit the official source’s proxy implementation under the same Data and Storage → Proxy path. if a fork removed or relocated proxy settings, that’s a red flag about the fork, not a feature.
  • Unigram (Windows, community UWP client): Settings → Advanced → Proxy. SOCKS5 and MTProto supported. handy on Windows where you want a native-feeling app, behaves like Desktop for our purposes.

the universal rule across forks: they’re built on Telegram’s open client source, so the proxy feature and its fields are almost always the same four/three values in a similarly-named menu. if you can find “Data and Storage” or “Advanced”, the proxy menu is within a tap or two. and again, for the work that motivated this guide, multi-account operations, real money, sensitive comms, the unauditable extra code in a fork is a cost with no proxy-related benefit. use forks for convenience accounts, official for the ones that matter.

scaling past manual: when the settings menu isn’t enough

everything so far assumes you’re configuring proxies by hand, which works up to a point and then doesn’t. the inflection is usually somewhere around 10-20 accounts, where hand-managing per-account proxy/device pairings becomes its own error-prone job. what the larger operations use:

a credentials registry, not your memory. the moment you have more than a handful of port-to-account pairings, write them down in a structured place, a spreadsheet at minimum, ideally something queryable: account identifier, assigned port, host, credentials, device/profile it lives on, date created, current status. the failure this prevents is the worst one, accidentally pointing two accounts at the same port, or rebuilding a device onto the wrong IP, both of which quietly merge two accounts’ network histories. the registry is the isolation, as much as the proxies are.

anti-detect browser orchestration for web-based fleets: AdsPower, Multilogin, GoLogin and similar don’t just isolate profiles, they manage the proxy-per-profile binding centrally, so the pairing lives in the tool rather than in your head. you import proxies in bulk, assign one per profile, and the tool enforces it. this is the standard backbone for Telegram-Web-based multi-account at scale, and the proxy-import format these tools want is usually the host:port:user:pass colon string or the socks5:// URL, which is why the decoder section earlier matters.

device-farm management for physical-device fleets: at the high end, racks of real phones each pinned to a port, managed through MDM-style tooling or USB-hub automation. this is heavy infrastructure and overkill for most, but it’s the gold standard for high-value accounts, and it’s worth knowing it exists so you understand what you’re approximating with cheaper methods. (it’s also, from the supply side, what a mobile-proxy provider’s farm physically is: our hundred-plus modems on real SIMs are the same idea, run as infrastructure so you don’t have to build it.)

API-driven proxy provisioning: providers worth scaling on expose an API to list ports, fetch credentials, and trigger rotation programmatically, so your account-management tooling can pull the right proxy config rather than you pasting it. if you’re heading toward dozens of accounts, “does the provider have an API” becomes a real selection criterion, manual dashboard-copying doesn’t scale and introduces exactly the copy-paste errors the registry is meant to prevent.

the throughline: past a certain size, the settings menu is no longer where proxy management happens, it moves into tooling, and the discipline shifts from “configure each one right” to “maintain a system of record that can’t drift”. the network principles don’t change, one stable clean IP per identity, but the enforcement moves up a layer. if you’re not there yet, you don’t need any of this; a spreadsheet and careful hands cover a lot of accounts. just know the ceiling exists and what’s above it.

proxies for bots and automation libraries

the settings menus end here; the rest of the connectivity story is code. every serious Telegram library takes proxy config, all of it SOCKS5 (MTProto-proxy support in libraries ranges from absent to experimental, it isn’t how production runs).

Telethon (python)

import socks
from telethon import TelegramClient

client = TelegramClient(
    "session_account_a",
    api_id, api_hash,
    proxy=(socks.SOCKS5, "sg2.example.com", 45001, True, "customer_a", "k3MvW9qXt2"),
)

the tuple is (type, host, port, rdns, username, password). install pysocks or connections fail with errors that don’t mention socks at all. Telethon also accepts a python-socks style dict on recent versions; the tuple form above works across versions, which is why it’s the one in every working codebase.

Pyrogram (python)

from pyrogram import Client

app = Client(
    "session_account_a",
    api_id=api_id, api_hash=api_hash,
    proxy=dict(
        scheme="socks5",
        hostname="sg2.example.com",
        port=45001,
        username="customer_a",
        password="k3MvW9qXt2",
    ),
)

dict-based, self-explanatory, and the scheme field also takes "http" if you must.

GramJS (node)

const client = new TelegramClient(stringSession, apiId, apiHash, {
  proxy: {
    ip: "sg2.example.com",
    port: 45001,
    socksType: 5,
    username: "customer_a",
    password: "k3MvW9qXt2",
  },
  useWSS: false,
});

useWSS: false matters, websocket transport bypasses the socks path in some versions, and the resulting “proxy configured but real IP used” failure is silent. verify the exit (curl ladder above) the first time, every time.

TDLib

native TDLib (and the clients built on it) configures proxies through the addProxy TDLib method with proxyTypeSocks5, credentials in the same four fields. if you’re deep enough to run raw TDLib you don’t need me to paste the JSON, just know the per-client proxy state persists in TDLib’s database between runs, which surprises people who expected per-launch config.

the Bot API, a different animal

bots talking to api.telegram.org via the Bot API are ordinary HTTPS clients, so they don’t use Telegram’s proxy settings at all, they use whatever HTTP-stack proxying your language provides. python-telegram-bot, aiogram and friends all accept a proxy URL (socks5://user:pass@host:port) in their client/session config, or honour HTTPS_PROXY environment variables in their underlying HTTP library.

worth asking whether you need it at all: a sending-only notification bot has nothing to gain from a fancy exit IP, nobody scores it. bot traffic needs a proxy when the server’s network blocks Telegram (corporate egress, certain countries’ datacenters), or when you’re running the bot from infrastructure whose IP you don’t want associated with the bot’s existence. those are reachability and privacy reasons, not reputation reasons.

session-per-proxy discipline, the part that outranks all the snippets

whichever library: one session, one proxy, permanently. create the session through its proxy (the first login is the highest-stakes network event in the account’s life), pin the pairing in your config or naming convention (session_account_a ↔ port 45001, visibly), and never round-robin sessions across a proxy pool because the code happened to make it easy. the libraries make per-session proxies trivial, the operational discipline is the part you have to bring yourself, and it’s the difference between the fleet that ages well and the one that dies of PeerFlood in week three.

a full walkthrough: your first 24 hours with a new dedicated proxy

abstract steps are easy to nod along to and hard to actually follow, so here’s the concrete sequence I’d run end to end with a brand-new dedicated SOCKS5 port, the kind of port you’d get from a free trial, before trusting it with anything real. start to finish, roughly an hour of attention spread across a day.

first 24 hours with a new proxy curl exit check 0 min configure Telegram 2 min send photo + video 5 min re-check ping 6 hr re-check again 12 hr commit account 24 hr
prove the pipe cold, then commit the account

minute 0, decode and verify the credentials exist. translate whatever the dashboard gave you into the four fields (decoder section above). before touching Telegram at all, prove the proxy is alive and exits where it should from the command line:

curl -x socks5://customer_a:k3MvW9qXt2@sg2.example.com:45001 https://ipinfo.io/json

read the JSON: ip should not be your real address, org should name the carrier you were sold (for a mobile port, a real telco, not a hosting company), country/city should be right. if this fails, stop, it’s the proxy or the creds, and no amount of Telegram fiddling fixes that. if it succeeds, you now know the proxy works, which means any later Telegram problem is config, not proxy, and you’ve saved yourself the entire first troubleshooting branch.

minute 2, configure Telegram Desktop. I default to Desktop for the first run because the curl-and-app comparison is easiest on one screen. Settings → Advanced → Connection type → Use custom proxy → SOCKS5, four fields, save. watch for the connected state and note the ping.

minute 3, confirm the app exits where curl did. open a browser tab also routed through the same proxy (or just trust the curl, the proxy doesn’t change exit by client) and sanity-check. the point is to confirm Telegram is genuinely using the proxy and not silently falling back to direct, which it does without complaint if something’s off. an easy in-app check: some Telegram clients show your connection going through the proxy in the settings status line; the rigorous check is that your ISP-level view (if you can see it) shows traffic to the proxy host, not to Telegram’s ranges.

minute 5, the media test. Saved Messages, send a photo, then a 10-30 second video. time them, loosely. on a healthy dedicated port these complete about as fast as without the proxy. if media crawls while text flies, you’re either far from the exit geographically or on a shaped/loaded line, note it and re-test later in the day.

minute 10, the stability baseline. leave the session connected and walk away. the single most useful thing you can do with a trial is wait, because the failure mode that matters (evening congestion on shared exits dressed up as dedicated) only shows with time.

hour 6 and hour 12, re-check. glance at the ping, send another photo. you’re looking for flatness. a dedicated port reads nearly identical at 9am, 3pm and 9pm. a secretly-shared one sags when the other tenants wake up. this is the test that actually separates real dedicated infrastructure from resold pools, and it costs you nothing but patience.

hour 24, decide, then (only then) bring an account onto it. if ping held, media stayed quick, and nothing dropped, the port is trustworthy. now you create or migrate the account that will live on it, through the proxy, as its first network event. doing it in this order means the account’s very first login happens on a port you’ve already proven, instead of you discovering the port is flaky with a real account already exposed on it.

that ordering, prove the pipe cold, then commit the account, is the whole discipline. people who skip it spend the account’s scarce first-login credibility on an unverified IP and then wonder why the account felt “born suspicious”.

multi-account setups, the real-world configurations

this is where the app-wide-proxy rule from the start of the guide bites, and where people make the expensive mistakes. one Telegram app routes all its logged-in accounts through one proxy. so “give each account its own IP” is not a thing you configure in Telegram’s settings, it’s a thing you arrange outside Telegram, with one of these patterns.

pattern 1: one device (or instance) per account

the cleanest, used by serious operators. each account lives in its own isolated Telegram instance, and each instance has its own proxy:

  • physical devices: one phone per account, each phone’s Telegram pointed at that account’s dedicated SOCKS5 port. expensive, bulletproof, used for high-value accounts. (it’s also, not coincidentally, close to what a mobile-proxy farm is on the supply side: real devices on real SIMs.)
  • Android app-cloning / work profiles: built-in dual-app features and work-profile containers each run a separate Telegram with separate proxy config, a couple of accounts per phone without extra hardware. ceiling of two-ish before it gets fragile.
  • anti-detect browsers for Telegram Web: each browser profile carries its own proxy + fingerprint, and a Telegram Web session inside it inherits both. this is the scalable software answer, dozens of profiles, dozens of proxies, one machine, and the reason the protocols guide’s IP-reputation material matters so much: the browser fingerprint and the IP have to tell the same story.
  • desktop multi-instance: Telegram Desktop can run multiple isolated copies via the -many launch flag pointed at separate data directories, each its own proxy. clunky but free, popular for small fleets on one workstation.

pattern 2: small fixed cells

not everyone needs 1:1. a defensible middle: a small, fixed group of related accounts sharing one dedicated port. the rules that keep it safe: the group is small (single digits), it’s stable (the same accounts always, never reshuffled), and the accounts are genuinely related (one person’s set, not strangers pooled for cost). this works because the clustering risk from the protocols guide is about correlated strangers plus shared IP; a known small set on a clean dedicated IP behaving like one person’s accounts is a far smaller signal than the same accounts scattered across a churning shared pool.

the anti-pattern that kills fleets

many accounts, one shared proxy pool, sessions hopping IPs between logins because the tooling rotated. this maximizes exactly the signal Telegram punishes: lots of accounts, correlated behaviour, shared and shifting exits. it’s also the default you fall into if you buy a cheap rotating-residential subscription and wire all your sessions to it without thinking. the fix isn’t more rotation or more IPs, it’s stable dedicated pairing, fewer moving parts, not more.

warm-up, the operational layer settings can’t give you

a clean dedicated IP is necessary, not sufficient. accounts that survive get warmed: created on the IP they’ll live on, then used like a human for a while (read, join a few relevant channels, light normal activity) before doing whatever they exist to do. the proxy makes the network layer boring and trustworthy; warm-up makes the behaviour layer boring and trustworthy; you need both, and the IP is the half you can buy. the full pacing playbook sits on the account-management page, it’s beyond a settings guide’s scope, but no proxy config substitutes for it.

rotation: when, how, and when not to

rotation means changing your exit IP. Telegram’s settings menu has no rotation feature, this happens at the proxy layer, so how you rotate depends entirely on your provider.

the three rotation models you’ll meet:

  • on-demand via a link or API (what dedicated mobile ports usually offer, including ours): you hit a rotation URL or API endpoint and the port pulls a fresh IP from the carrier pool, when you decide. sticky until you say otherwise. this is the right model for account work, you stay on one IP indefinitely and rotate only on a real trigger.
  • timed / sticky-session rotation (common on residential pools): the IP changes every N minutes, or holds for a “sticky” window then changes. fine for scraping, actively harmful for account identity, your account’s apparent location shifts on a timer for no human-plausible reason.
  • per-request rotation (rotating pool endpoints): every connection draws a different IP. only appropriate for stateless scraping of public data, never for a logged-in session.

when to actually rotate an account’s IP:

  • you have positive evidence the current IP is burned (sudden challenges/limits that clear on a known-clean IP)
  • you’re deliberately retiring and re-homing an account
  • a provider-side incident moved you to a bad exit and you want back to a fresh one

when not to:

  • “just in case” or on a schedule, for a logged-in account, this manufactures the instability signal you’re trying to avoid
  • to “look more dynamic”, humans aren’t dynamic, they’re stubbornly on the same carrier IP for days

the carrier-pool nuance that makes mobile rotation safe: rotating a mobile port gives you a different address from the same carrier’s CGNAT pool, same country, same ASN, same network class. to Telegram that’s indistinguishable from a phone moving between cell towers. that’s categorically different from “rotation” that throws you onto an unrelated provider’s range, which is what cheap pool rotation does and why it spooks risk systems. if you rotate, rotate within a carrier.

for scraping specifically, the inverse advice holds, lean into rotation, use a rotating endpoint or script frequent on-demand rotations, and treat IPs as disposable rather than as identities. the web-scraping page covers that side.

testing geolocation and region behaviour

a big slice of “telegram proxy” use is about appearing to be somewhere specific, an SG user for SG content, a particular country for that country’s bots and services. the proxy is only half of that; you have to actually verify the geo is landing, because a proxy that connects fine can still geolocate wrong.

confirm the raw geolocation. the curl-to-ipinfo check gives you the IP’s registered location, but registration and perceived location can differ, especially on mobile carrier IPs whose geo-databases lag. cross-check against two or three services (ipinfo.io, ip-api.com, ipregistry) because they disagree more than you’d hope, and the one your target platform uses is the one that matters. for a carrier IP that should read as Singapore, you want all three agreeing on the country at minimum; city-level drift within the right country is normal and rarely matters.

check timezone and language coherence. this is the part people miss. an IP says Singapore, but if your device’s timezone is America/New_York and your Telegram language is set from a US app-store account, the story is incoherent, and incoherence is itself a signal. for serious geo work, line up the IP country, the device/profile timezone, the OS/app language, and the phone number’s country code so they tell one consistent story. the proxy sets the IP; you set the rest, and a mismatch undoes the proxy’s work. (this coherence idea is the same principle behind browser-fingerprint-vs-IP matching in the anti-detect world, and it’s worth internalizing: one IP that disagrees with everything around it is more suspicious than an honest connection with no proxy at all.)

test the actual platform behaviour, not just the IP. the real proof is downstream: does the SG content pool actually serve you SG content, does the region-locked bot actually unlock, does the local service show local pricing. configure the proxy, then go look at the thing you care about. IP geolocation services are a proxy for the answer; the platform’s own behaviour is the answer.

a note on DNS. SOCKS5 can resolve DNS either locally (on your machine) or remotely (at the proxy). for geo work you generally want remote resolution so your DNS queries also appear to come from the proxy’s location, several clients and the Telethon rdns=True flag control this. mismatched DNS (local resolution leaking your real region while the IP says elsewhere) is a subtle geo-leak that the ipinfo check won’t catch because it only looks at the connection IP. if a platform seems to “know” your real region despite a correct proxy IP, suspect DNS.

a complete troubleshooting matrix

organized by symptom. work top to bottom within your symptom; most issues are in the first two rows.

"connecting..." forever: find the cause stuck on "connecting..." curl gives the right exit IP? no proxy or creds are wrong yes switch networks, does it connect? yes first network blocks the port, use 443 no dead proxy or wrong host:port
the curl check halves the diagnosis every time

“connecting…” forever, never connects

the most common failure, and it’s almost always one of four things:

  1. the proxy port is blocked outbound on your current network. corporate, school, hotel and some mobile-carrier networks block non-standard ports. test: switch to a different network (cellular if you were on wifi, or vice versa). if it connects there, it’s the network, ask your provider for a proxy on port 443 or another commonly-open port, which most offer precisely for this.
  2. dead proxy. free MTProto proxies die constantly; shared SOCKS5 exits go down. test: try a different proxy / get a fresh link. for a paid dedicated port, check your provider’s status or dashboard, a dedicated port that’s truly down is an incident worth a support ping.
  3. wrong port number or host. a transposed digit produces exactly this hang. re-paste from source rather than retyping.
  4. the protocol or fields are subtly wrong, see the next symptom.

connects (or claims to) but Telegram says “proxy unavailable” / drops immediately

  1. auth failure (SOCKS5). wrong username or password is the leading cause. re-paste both, watch for a trailing space or a smart-quote sneaked in by copy-paste from a chat app. the failure is often silent-ish, the app just won’t stay connected.
  2. protocol mismatch. SOCKS5 credentials typed into an MTProto form (or vice versa) fails quietly because the screens look alike. confirm the type selector matches your credential type.
  3. MTProto secret format wrong. truncated secret, or a plain/dd secret on a network that kills those, see the protocols guide on secret types. an ee-secret proxy is the resilient choice.
  4. the proxy works but is rejecting your IP (for IP-whitelist-auth proxies): your egress IP isn’t on the allowlist. update it in the provider dashboard.

connects, but it’s slow

  1. shared/overloaded exit. the classic free-proxy evening slowdown. nothing to fix but switch proxies; structurally, it’s why dedicated ports cost money.
  2. geographic distance. a proxy across the world adds real latency. check the proxy’s actual location (curl ladder) against where you are; pick one nearer the you↔Telegram path.
  3. bandwidth shaping at the exit. fast ping, slow media = the exit is throttling throughput. provider-side; on a dedicated port, raise it as an incident.
  4. mobile-line jitter, some variance is normal on carrier IPs, that’s the jitter-for-trust trade. if it’s only jitter (media completes, just unevenly) it’s expected; if throughput is genuinely low, it’s not the radio, it’s load.

works on wifi, fails on cellular (or vice versa)

network-level port blocking, as in the first matrix entry. the network where it fails is blocking the proxy port outbound. solution: a proxy on a widely-open port (443/8080) from your provider, or use the network where it works.

worked yesterday, broken today

  1. (free/shared) the proxy died. expected. get a fresh one.
  2. (dedicated) credentials rotated or an incident. check dashboard/support.
  3. Telegram app updated and reset something. rare, but a major update has occasionally cleared or mangled proxy config; re-add the proxy.
  4. your network changed. new office wifi, new firewall rule, new country. re-run the “connecting forever” network test.

Android: messages only arrive when I open the app

battery optimization killing the background socket, not a proxy fault. whitelist Telegram from your OEM’s battery manager. (this one wastes hours because it presents exactly like a flaky proxy.)

automation library: “connected” in logs but real IP leaks

  1. transport bypassing socks (e.g. GramJS useWSS: true). force the non-websocket transport.
  2. missing socks dependency (pysocks/python-socks not installed) so the library silently fell back to direct. install it, re-verify with the curl ladder.
  3. proxy tuple/dict shape wrong for your library version. match the snippets above to your installed version’s docs.

the universal first move

when anything’s ambiguous: route a curl through the same proxy (curl -x socks5://user:pass@host:port https://ipinfo.io/json). if curl gets the expected exit IP, the proxy and credentials are fine and the problem is in Telegram’s config or your client; if curl fails too, the problem is the proxy or the network path, and you’ve just halved your search space.

a security and privacy checklist for the setup itself

the protocols guide covers threat models in depth; these are the setup-time hygiene items specific to configuring a proxy:

  • never install an app or APK to “use a Telegram proxy”. the built-in menu needs nothing extra. a required download is malware or adware. the only legitimate external software in this whole space is anti-detect browsers (for the web/multi-account case) and your own automation code.
  • treat proxy links as credentials. the t.me/socks?...&pass=... link contains your password in clear text. share by DM, not in groups; regenerate if leaked.
  • create real-account sessions through the proxy, not before. first login is the costly event; spend it on the right IP.
  • turn on two-step verification (Settings → Privacy and Security → Two-Step Verification). this matters more than any proxy choice, the common way accounts are actually lost is SMS-code interception, and a cloud password closes it.
  • audit active sessions periodically (Settings → Devices) and revoke anything unfamiliar.
  • for calls, set Peer-to-Peer to Never if IP exposure to the other party concerns you, separate from and more relevant than the proxy-for-calls toggle.
  • verify your exit before trusting it with anything that matters: ASN matches the product you bought, geolocation is right, it’s not your real IP. ten minutes, per the verification ladder.

frequently asked setup questions

collected from the questions that actually land in support, as opposed to the ones guides assume people ask.

I added the proxy but Telegram still shows my real location to a bot. why? three usual causes, in order of likelihood: the proxy didn’t actually engage (verify with the curl check, Telegram silently falls back to direct), DNS is resolving locally and leaking your region (see the geolocation section, force remote resolution), or the bot reads location from your account settings or phone number rather than your IP, in which case no proxy changes it.

do I set this up once, or per account? the proxy menu is per app instance, so once per app, and every account logged into that app shares it. running different accounts on different IPs means different app instances (devices, clones, browser profiles), covered in the multi-account section. there’s no per-account proxy field inside a single Telegram app, and looking for one is a common dead end.

will the proxy slow Telegram down noticeably? a well-placed dedicated one, no, single-digit-percent on media, invisible on chat. a far-away or overloaded one, yes, sometimes badly. it’s the proxy’s location and load, not the existence of a proxy, that you feel. benchmark per the verification ladder if unsure.

my provider gave me both an HTTP and a SOCKS5 port. which do I use? SOCKS5, on every platform. it’s the only one mobile Telegram supports, it handles UDP for calls, and using it everywhere keeps one mental model across your devices. the HTTP port is a Desktop-only convenience; ignore it unless something in your network specifically forces HTTP.

can I use one proxy for Telegram and my browser at the same time? yes, that’s the nature of SOCKS5, it’s general-purpose. point both at the same host:port:user:pass. just remember they then share the exit IP, which is fine for one identity but means you can’t separate your browsing from your Telegram at the network layer if that mattered to you.

does the proxy survive a phone reboot / app update? reboot, yes, saved proxies persist. app update, almost always yes, though a rare major version has been known to reset connection settings; if a proxy vanishes after an update, just re-add it (or re-tap your saved link).

I’m getting “limit exceeded” / challenges even on a clean dedicated IP. isn’t the proxy supposed to fix that? the proxy fixes the network signal, not the behaviour signal. if an account is moving too fast, messaging too many strangers, or was sketchy before you re-homed it, a clean IP buys headroom but doesn’t grant immunity. the proxy is necessary, not sufficient, the protocols guide and account-management page cover the behaviour half.

is it safe to use the free proxies from those Telegram channels? for reading the news in a censored country, broadly yes, with the understanding that the operator sees your IP and connection times and pins a sponsored channel. for anything with a password, money, or an account you care about, no, route nothing valuable through an anonymous free exit. the reasoning is the whole back half of the protocols guide.

how do I remove a proxy completely? toggle Use Proxy off (keeps it saved for later) or delete the entry from the proxy list (gone). on every platform the delete is a swipe or long-press on the list entry. turning the toggle off reverts you to a direct connection immediately.

I travel a lot, will my proxy break when I change countries? no. the proxy is an address you connect to, not a function of where you are, so your session and your exit IP stay put as you move. the only thing that changes is your latency to the proxy (a Singapore proxy is snappier from Singapore than from Spain) and, occasionally, a local network that blocks the proxy port, the same “switch networks to test” issue from the troubleshooting matrix. your account keeps appearing from the same place regardless of where you physically are, which for many people is the entire point.

can I test a proxy without putting a real account at risk? yes, and you should. the curl exit check needs no Telegram account at all. beyond that, log a throwaway account through the proxy first, or use a provider’s free trial port, and run the full first-24-hours routine before any account you care about touches it. never let a real account’s first login be the test of an unproven proxy.

why does my saved proxy show a red dot / high ping? the dot and ping are the app’s health read of that proxy. red or high means slow or unresponsive right now, switch to a healthier saved entry, or if it’s your only dedicated port and it’s persistently red, that’s a provider incident worth raising.

can someone tell I’m using a proxy? your ISP sees you connecting to some server instead of to Telegram’s ranges, so “using a proxy”, potentially yes; which proxy and what for, no, the traffic’s encrypted. Telegram itself sees the proxy’s IP as your apparent IP. a well-run MTProto fakeTLS proxy additionally hides even the “this is proxy traffic” fact from your ISP, which is its whole reason to exist.

a working glossary for the setup screens

the words the menus and your provider use, in plain language:

  • server / host / hostname / endpoint / gateway: the address of the proxy, an IP or a domain. all the same field.
  • port: the numbered door on that server your connection knocks on. a provider may give a sticky and a rotating port; use sticky for accounts.
  • SOCKS5: the general proxy protocol you want for account and automation work; supported on every Telegram platform.
  • MTProto / secret: Telegram’s own proxy type and its config string; for unblocking the app under censorship. ee-prefixed secrets (fakeTLS) are the durable kind.
  • HTTP proxy: Desktop-only third option; no advantage over SOCKS5 for Telegram.
  • rotation link / URL: a separate address you hit to get a new exit IP; not a proxy, don’t put it in Telegram.
  • sticky session: holding one IP until you choose to change; correct for accounts.
  • rdns / remote DNS: resolving domain names at the proxy rather than locally, so DNS doesn’t leak your real region.
  • IP whitelist auth: authenticating by your connecting IP instead of a username/password.
  • use proxy for calls: the toggle that routes voice/video through the proxy; off by default, leave it unless you need it.
  • peer-to-peer (calls): the privacy setting that controls whether calls expose your IP to the other party; separate from the proxy.
  • anti-detect browser: profile-isolating browser that binds a proxy + fingerprint per profile; the scalable way to run Telegram Web multi-account.

quick reference card

the whole guide compressed, for when you just need the path:

  • iOS: Settings → Data and Storage → Proxy → Add Proxy
  • Android: Settings → Data and Storage → Proxy Settings → Add Proxy
  • Desktop (Win/Linux/Mac-Qt): Settings → Advanced → Connection type → Use custom proxy
  • macOS native app: Settings → General → Proxy
  • Web: no in-app proxy, use a browser-level or anti-detect-browser proxy
  • SOCKS5 fields: server, port, username, password
  • MTProto fields: server, port, secret (prefer ee/fakeTLS secrets)
  • share/deploy: https://t.me/socks?server=...&port=...&user=...&pass=... or https://t.me/proxy?server=...&port=...&secret=...
  • verify: in-app connected state → ping → curl -x socks5://user:pass@host:port https://ipinfo.io/json
  • calls: leave “use proxy for calls” off unless you specifically need it; set Peer-to-Peer → Never for IP privacy
  • automation: SOCKS5 only, one session per proxy, create the session through its proxy
  • multi-account: one app instance per account (or small fixed cells), never many accounts on one churning pool

keeping the setup healthy over time

a proxy config isn’t set-and-forget, especially the free kind. a short maintenance rhythm depending on what you’re running:

free MTProto users: expect to refresh links regularly, days, sometimes hours during active censorship. keep two or three list channels subscribed so you always have a fresh source, and don’t get attached to any one server. the maintenance is the lifestyle here; there’s no fixing a dead free proxy, only replacing it.

single dedicated-port users: almost no maintenance, that’s what you’re paying for. a sane monthly habit: re-run the curl exit check (confirm the IP and ASN are still what you bought), glance that ping is still flat, and confirm two-step verification is still on. that’s it. if anything drifts, it’s a provider conversation, not a config fix.

fleet operators: maintenance is continuous and it’s mostly about the registry, not the proxies. periodically reconcile your account-to-port mapping against reality (did any pairing drift, is any port double-assigned, did a rebuild land an account on the wrong IP), audit active sessions across accounts, and rotate any credentials that have been exposed. the proxies tend to be the stable part; human-introduced drift in the mapping is what bites.

across all three, two things age badly and are worth a calendar reminder: leaked proxy links (regenerate credentials if a link has been shared widely or posted anywhere public) and stale security settings (a session you forgot to revoke on a device you no longer use is a standing risk no proxy addresses). the proxy is the network layer; account hygiene is the layer that actually loses people their accounts, and it costs five minutes a month.

where to go from here

if this guide answered “how do I plug it in” and you’re now wondering “which proxy should I have plugged in”, that’s the MTProto vs SOCKS5 deep dive, it covers protocol choice, IP reputation, free-list economics, and how to audit a provider before trusting it.

if you already know you need dedicated SOCKS5 on clean mobile IPs for account work, the Telegram proxy for account management page covers the product side, and the free trial provisions a real port so you can run this entire setup-and-verify routine before paying anything. log a session in through it, run the curl check, send some media, leave it a day. that’s the test that actually tells you whether a proxy is worth keeping.

ready to try Singapore mobile proxies?

2-hour free trial. no credit card required.

start free trial
message me on telegram