Skip to main content
Botify supports two authentication methods and includes multiple layers of security for account data, cookies, and remote commands.

Authentication Methods

Botify uses a full browser-based OAuth2 flow:
  1. Browser opens discord.com/oauth2/authorize with Botify’s client ID
  2. You authorize scopes: identify + guilds.members.read
  3. Botify verifies you have the “Client” role in the official Botify Discord server
  4. Your Discord User ID is stored locally and synced to MongoDB
You must be a member of the Botify Discord server and have the “Client” role. Without it, login is rejected regardless of payment status.

License Key System

Keys follow the format: BOTIFY-XXXXX-XXXXX-XXXXX-XXXXX
PlanFeatures Unlocked
standardAll core features — 24/7 Alting, Normal Launch, all tabs
enterpriseEverything in Standard + Enterprise Cluster mode
  • Keys are stored in the botify_licenses MongoDB collection
  • Keys are HWID-bound on first activation — tied to your hardware fingerprint
  • Activating on a different PC requires a manual HWID reset via Botify support

Local Data Security

DPAPI Encryption

When Encrypt Account Data is enabled in Settings → Security:
  • account_store.json is encrypted using Windows Data Protection API (DPAPI)
  • Encryption is tied to your Windows user account — only the same user on the same machine can decrypt
  • Switching Windows users or reinstalling Windows requires re-adding accounts
DPAPI encryption is optional and disabled by default. Enable it if you share your PC with other users.
.ROBLOSECURITY cookies are stored in MongoDB with a unique index on (owner_id, pc_name, username):
  • Prevents any Botify node from reading another user’s cookies
  • Cookies are scoped per-user and per-PC — multi-PC setups remain isolated

Command Authentication

Every Botify node generates a 32-byte random token (command_token) on first run. All remote commands must include this token:
{
  "target_pc": "MainPC",
  "command": "screenshot",
  "auth_token": "<32-byte-hex-token>",
  "owner_id": "123456789012345678"
}
Commands that don’t match auth_token are silently rejected — no error is returned to prevent enumeration attacks.

Administrator Elevation

Botify auto-elevates to Administrator on startup. This is required for:
FeatureWhy Admin is Needed
Multi-RobloxManipulating the Roblox singleton mutex
Working Set TrimmerCalling SetProcessWorkingSetSizeEx / EmptyWorkingSet
CPU Affinity PinningSetting process affinity via Win32 API
Process PrioritySetting priority via NtSetInformationProcess
Crash Handler KillerTerminating RobloxCrashHandler.exe
If you decline the UAC prompt, Multi-Roblox and all Process Optimizer features will be unavailable. Botify will still launch but with reduced functionality.

Enterprise Access

Enterprise Cluster mode is unlocked by either:
  • An enterprise plan license key in botify_licenses, OR
  • Specific Discord User IDs or roles configured as staff in the Botify system
Staff users receive automatic access to all features regardless of their license tier.