Suggestion for improving the examples

[artyl]

In the examples for the pyTelegramBotAPI, obtaining the API token looks like this:

API_TOKEN = '<api_token>'

In my opinion, this is not ideal for two reasons.
Firstly, it encourages beginners to leave the token directly in the code.
Secondly, it makes it impossible to use the example code without editing it – you can't just run it as is.

I suggest using the following construction for obtaining the token, this addresses both issues:

import os
API_TOKEN = os.environ['API_TOKEN']

If you have no objections to such an approach but are not willing to invest time in it, I am ready to prepare a pull request for these changes.

[Badiboy]

Firstly, it encourages beginners to leave the token directly in the code.

See no problem in leaving token in code.

Secondly, it makes it impossible to use the example code without editing it.

See no problem in editing examles.

API_TOKEN = os.environ['API_TOKEN']

Can you even imagine how many "beginners" can create environment variable? I suppose that 0.1%-0.5%. If you want to make the life of others 99.% very painfuly - this is the good proposal.

If you have no objections to such an approach

I have an objections to such approach.

[artyl]

Understood, and I respect your opinion. Thank you for sharing your thoughts. You are the maintainer - it's up to you to decide.

The problem with the token in the code is that sooner or later, this code along with the secret will end up in a git repository, and removing it from the history is what's truly painful. I understand that the security of storing secrets is not the problem of your project, but perhaps it's worth making people think about why it's done this way.

The issue with editing examples is that what was executed and what ended up as an example in the project are not the same file. I encountered this when submitting a PR with examples to your project. Instead of checking the example, committing it, I had to verify it outside the project directory, remove the line with the key retrieval, and then place this corrected file in the repository.

As for obtaining the key, using environment variables is the most common method for delivering secrets into code. It is the most concise option; you can do it through sys.argv[1], open('~/.secret/api_token'), or some other way. Nothing prevents a beginner from changing this line to a simple assignment, but it will no longer be a default dangerous option.