App token in URL is unsafe

Slava Fomin II

Putting secrets (such as the app token) into the URL is considered bad security practice: the URL is the most visible part of an HTTP request, it is routinely observed, and it frequently gets written to logs at the client, at intermediaries and at the server. TLS does not help here; it protects the URL in transit, but every endpoint that terminates TLS sees the full URL and may log it. The result is a large number of places from which the token can leak by accident.

For example, many developers rely on logging to observe application behaviour, including in production. Outbound HTTP requests are often logged too, and the URL is the most natural part of the request to put in such a log line. Now suppose those logs (app token included) are shipped to an AWS S3 bucket for archiving. Another developer could accidentally make that bucket public, exposing the logs, and the app token with them, to the whole internet (misconfigured public S3 buckets are a well-known and frequent cause of data exposure). By accepting tokens in URLs you are setting a trap for unaware developers.

The other case is that load balancers (or ingress controllers) are commonly used to terminate TLS traffic, and this happens on CryptoBot's side. Such servers can also monitor or log traffic, including the URLs that carry the app tokens. A leak on that side would compromise not a single application but probably all of them, making the problem much worse.

The practice of using secrets in URLs should be discouraged. I would suggest moving the app token to the request headers. The industry-standard Bearer authentication header (RFC 6750) would be ideal for this, i.e.:

Authorization: Bearer <token>
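To make the leak path concrete, here is an added example (not code from the original report or from CryptoBot) that models the common nginx/Apache "$request" access-log format, in which the request line is logged but request headers are not. It shows the token landing in the log when it is sent in the query string and staying out of it when sent as a Bearer header, and it also includes a scrubber for logs that already contain such URLs. The host, paths, parameter names and token value are constructed placeholders; the regex for Telegram-style path tokens assumes the /bot<id>:<secret>/method URL shape.

```python
"""Added example, not from the original report or CryptoBot: why a token in the
URL lands in ordinary access logs while a bearer token does not, plus a scrubber
for logs that already contain such URLs. Host, paths and token values below are
constructed placeholders."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

APP_TOKEN = "12345:AbCdEfGhIjKlMnOpQrStUv"  # constructed placeholder, not a real token
SENSITIVE_PARAMS = {"token", "app_token", "api_key", "access_token"}
# Telegram-style path tokens look like /bot<id>:<secret>/method (assumed shape)
TELEGRAM_PATH_TOKEN = re.compile(r"/bot\d+:[A-Za-z0-9_-]+/")


def request_with_token_in_url(token):
    """The pattern the report criticises: the secret travels in the query string."""
    return "GET", f"https://api.example.com/v1/getMe?token={token}", {}


def request_with_bearer_header(token):
    """The recommended pattern: the secret travels in the Authorization header."""
    return "GET", "https://api.example.com/v1/getMe", {"Authorization": f"Bearer {token}"}


def access_log_line(method, url, headers, status=200):
    """Mimic the common nginx/Apache '$request' access-log format.

    Only the request line (method, path and query) is written; request headers
    never are. That is exactly why the query string is a leak path and the
    Authorization header is not.
    """
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f'"{method} {target} HTTP/1.1" {status}'


def token_leaked(log_line, token):
    """True if the secret is recoverable verbatim from the log line."""
    return token in log_line


def redact_url(url, sensitive=SENSITIVE_PARAMS):
    """Defensive measure for existing logs: blank secret-bearing query values
    and Telegram-style path tokens before the line is written anywhere."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, "REDACTED" if k.lower() in sensitive else v) for k, v in pairs]
    path = TELEGRAM_PATH_TOKEN.sub("/botREDACTED/", parts.path)
    return urlunsplit(parts._replace(path=path, query=urlencode(cleaned)))


if __name__ == "__main__":
    for build in (request_with_token_in_url, request_with_bearer_header):
        line = access_log_line(*build(APP_TOKEN))
        print(f"{build.__name__:28s} -> {line}  leaked={token_leaked(line, APP_TOKEN)}")
    print(redact_url(f"https://api.telegram.org/bot{APP_TOKEN}/getMe?token={APP_TOKEN}&x=1"))
```

Note that the scrubber is a mitigation for logs you already have, not a substitute for the header-based design: it only catches parameter names and path shapes it knows about, while moving the token into the Authorization header keeps it out of request-line logging everywhere by construction.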

Also, don't be encouraged by the fact that the Telegram Bot API also uses this practice; it doesn't make it any more secure and should also be considered a security flaw. But I will leave that to the conscience of the Telegram team.

Some would argue that this issue is not "critical", but when it comes to security there are no such things as "critical" and "non-critical" security flaws, because even a small leak under certain circumstances (which will inevitably occur!) can cause very serious problems.
