Best Practices

Best Practices

Guidelines for operating BotCloud responsibly, securely, and efficiently.

Before You Start

Confirm written authorization, use controlled proxies, use synthetic/anonymized data, respect third-party service terms.

  • Confirm written authorization from your service provider before onboarding
  • Use controlled, dedicated proxies — never shared residential proxies from unknown sources
  • Use synthetic or anonymized test data, not real user credentials
  • Review and respect third-party service terms before targeting any platform

Security Hygiene

Encrypt and store credentials securely, rotate regularly, maintain detailed logging.

  • Store your API token in environment variables, never in source code
  • Rotate credentials regularly and immediately after any suspected exposure
  • Use Bearer token authentication for all API endpoint calls
  • Maintain detailed audit logs using GET /api/history for session trails

Session Management

Proper session lifecycle management prevents quota leaks and ensures reliable automation.

  • Always use try-finally with browser.close() to guarantee quota release
  • Monitor disconnect reasons via GET /api/history — insufficient balance stops sessions mid-run
  • Check remaining quota with GET /api/quota before launching large jobs
  • Handle 400/401/403/500 errors with exponential backoff retries

Proxy Configuration

Proxy declarations are mandatory on every connection — no unauthenticated egress.

  • Declare --proxy-server on every WebSocket connection — the parameter is required
  • Credentials travel in the URL-encoded connection string; use HTTPS proxies for sensitive workflows
  • Geo-inference is automatic from your proxy IP: timezone, locale, and region are set to match
  • Use UDP over SOCKS5 for WebRTC leak prevention on supported proxy providers

You Must Not

Tamper with anti-abuse mechanisms without permission, collect third-party credentials or personal data, resell access, engage in spam or fraud.

  • Tamper with anti-abuse mechanisms without explicit written permission
  • Collect third-party credentials, personal data, or payment information
  • Resell or sub-license BotCloud API access to third parties
  • Use BotCloud for spam, fraud, or any activity prohibited by applicable law

Incident & Abuse Handling

Immediately pause anomalous tasks and notify support team.

  • Immediately pause all running sessions when anomalous behavior is detected
  • Contact support via Telegram @BotCloudSupport with session IDs and timestamps
  • Preserve GET /api/history output for the affected time window
  • Document the incident scope before resuming automation workflows

Questions About Compliance?

Review the full Legal Disclaimer and Responsible Use Guidelines before onboarding.

View Responsible UseContact Support