Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.botifymanager.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Botify supports two authentication methods and includes multiple layers of security for account data, cookies, and remote commands.

Authentication Methods

Botify uses a full browser-based OAuth2 flow:
  1. Browser opens discord.com/oauth2/authorize with Botify’s client ID
  2. You authorize scopes: identify + guilds.members.read
  3. Botify verifies you have the “Client” role in the official Botify Discord server
  4. Your Discord User ID is stored locally and synced to MongoDB
You must be a member of the Botify Discord server and have the “Client” role. Without it, login is rejected regardless of payment status.

License Key System

Keys follow the format: BOTIFY-XXXXX-XXXXX-XXXXX-XXXXX
PlanFeatures Unlocked
standardAll core features — 24/7 Alting, Normal Launch, all tabs
enterpriseEverything in Standard + Enterprise Cluster mode
  • Keys are stored in the botify_licenses MongoDB collection
  • Keys are HWID-bound on first activation — tied to your hardware fingerprint
  • Activating on a different PC requires a manual HWID reset via Botify support

Local Data Security

DPAPI Encryption

When Encrypt Account Data is enabled in Settings → Security:
  • account_store.json is encrypted using Windows Data Protection API (DPAPI)
  • Encryption is tied to your Windows user account — only the same user on the same machine can decrypt
  • Switching Windows users or reinstalling Windows requires re-adding accounts
DPAPI encryption is optional and disabled by default. Enable it if you share your PC with other users.
.ROBLOSECURITY cookies are stored in MongoDB with a unique index on (owner_id, pc_name, username):
  • Prevents any Botify node from reading another user’s cookies
  • Cookies are scoped per-user and per-PC — multi-PC setups remain isolated

Command Authentication

Every Botify node generates a 32-byte random token (command_token) on first run. All remote commands must include this token: 
{
  "target_pc": "MainPC",
  "command": "screenshot",
  "auth_token": "<32-byte-hex-token>",
  "owner_id": "123456789012345678"
}
Commands that don’t match auth_token are silently rejected — no error is returned to prevent enumeration attacks.

Administrator Elevation

Botify auto-elevates to Administrator on startup. This is required for:
FeatureWhy Admin is Needed
Multi-RobloxManipulating the Roblox singleton mutex
Working Set TrimmerCalling SetProcessWorkingSetSizeEx / EmptyWorkingSet
CPU Affinity PinningSetting process affinity via Win32 API
Process PrioritySetting priority via NtSetInformationProcess
Crash Handler KillerTerminating RobloxCrashHandler.exe
If you decline the UAC prompt, Multi-Roblox and all Process Optimizer features will be unavailable. Botify will still launch but with reduced functionality.

Enterprise Access

Enterprise Cluster mode is unlocked by either:
  • An enterprise plan license key in botify_licenses, OR
  • Specific Discord User IDs or roles configured as staff in the Botify system
Staff users receive automatic access to all features regardless of their license tier.