Botify supports two authentication methods and includes multiple layers of security for account data, cookies, and remote commands.
Authentication Methods
Discord OAuth2 (Recommended)
Botify uses a full browser-based OAuth2 flow:
- Browser opens discord.com/oauth2/authorize with Botify’s client ID
- You authorize scopes: identify + guilds.members.read
- Botify verifies you have the “Client” role in the official Botify Discord server
- Your Discord User ID is stored locally and synced to MongoDB
You must be a member of the Botify Discord server and have the “Client” role. Without it, login is rejected regardless of payment status.
License Key System
Keys follow the format: BOTIFY-XXXXX-XXXXX-XXXXX-XXXXX
| Plan | Features Unlocked |
|---|---|
| standard | All core features: 24/7 Alting, Normal Launch, all tabs |
| enterprise | Everything in Standard + Enterprise Cluster mode |
- Keys are stored in the botify_licenses MongoDB collection
- Keys are HWID-bound on first activation — tied to your hardware fingerprint
- Activating on a different PC requires a manual HWID reset via Botify support
Local Data Security
DPAPI Encryption
When Encrypt Account Data is enabled in Settings → Security:
- account_store.json is encrypted using the Windows Data Protection API (DPAPI)
- Encryption is tied to your Windows user account — only the same user on the same machine can decrypt
- Switching Windows users or reinstalling Windows requires re-adding accounts
DPAPI encryption is optional and disabled by default. Enable it if you share your PC with other users.
Cookie Storage Security
.ROBLOSECURITY cookies are stored in MongoDB with a unique index on (owner_id, pc_name, username):
- Prevents any Botify node from reading another user’s cookies
- Cookies are scoped per-user and per-PC — multi-PC setups remain isolated
Command Authentication
Every Botify node generates a 32-byte random token (command_token) on first run. All remote commands must include this token:
```json
{
  "target_pc": "MainPC",
  "command": "screenshot",
  "auth_token": "<32-byte-hex-token>",
  "owner_id": "123456789012345678"
}
```
Commands whose auth_token does not match the node's command_token are silently rejected. No error is returned, which prevents enumeration attacks.
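One way a receiving node could implement this check, as an added example (not Botify's own code). The function names `new_command_token` and `accept_command` are hypothetical, and the extra checks on target_pc and owner_id are an assumption; the page only states the token check.

```python
import hmac
import json
import secrets

REQUIRED_FIELDS = ("target_pc", "command", "auth_token", "owner_id")


def new_command_token() -> str:
    """Return 32 bytes from the OS CSPRNG, hex-encoded (64 characters)."""
    return secrets.token_hex(32)


def accept_command(raw: bytes, *, command_token: str, pc_name: str, owner_id: str):
    """Return the parsed command if it authenticates, otherwise None.

    Every failure returns the same None so the caller can drop the message
    without replying; the sender learns nothing about which check failed.
    """
    try:
        msg = json.loads(raw)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return None
    if not isinstance(msg, dict):
        return None
    if not all(isinstance(msg.get(k), str) for k in REQUIRED_FIELDS):
        return None
    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of a guessed token were correct.
    supplied = msg["auth_token"].encode("utf-8", "surrogatepass")
    token_ok = hmac.compare_digest(supplied, command_token.encode("utf-8"))
    # Assumption: the node also checks that the command is addressed to it
    # and comes from its own owner (the page only states the token check).
    scope_ok = msg["target_pc"] == pc_name and msg["owner_id"] == owner_id
    return msg if (token_ok and scope_ok) else None


if __name__ == "__main__":
    token = new_command_token()  # constructed sample values below
    node = dict(command_token=token, pc_name="MainPC", owner_id="123456789012345678")
    good = {"target_pc": "MainPC", "command": "screenshot",
            "auth_token": token, "owner_id": "123456789012345678"}
    forged = dict(good, auth_token="00" * 32)
    for label, msg in (("valid", good), ("forged", forged)):
        result = accept_command(json.dumps(msg).encode(), **node)
        print(label, "->", "accepted" if result else "dropped")
```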
Administrator Elevation
Botify auto-elevates to Administrator on startup. This is required for:
| Feature | Why Admin is Needed |
|---|---|
| Multi-Roblox | Manipulating the Roblox singleton mutex |
| Working Set Trimmer | Calling SetProcessWorkingSetSizeEx / EmptyWorkingSet |
| CPU Affinity Pinning | Setting process affinity via Win32 API |
| Process Priority | Setting priority via NtSetInformationProcess |
| Crash Handler Killer | Terminating RobloxCrashHandler.exe |
If you decline the UAC prompt, Multi-Roblox and all Process Optimizer features will be unavailable. Botify will still launch but with reduced functionality.
Enterprise Access
Enterprise Cluster mode is unlocked by either:
- An enterprise plan license key in botify_licenses, OR
- Specific Discord User IDs or roles configured as staff in the Botify system
Staff users receive automatic access to all features regardless of their license tier.