Profile-code verification
The default verification method. Designed to be the lowest-friction path that doesn't require any unsafe data from your members. For a one-click alternative, see Sign in with Roblox.
How it works
- The user runs
/verifyin your server. - MGS Link generates a short code in the form
MGS-XXXX-XXXX-XXXXusing a 30-character ambiguous-free alphabet (no I, L, O, 0, 1). - The bot replies ephemerally with a Components v2 prompt containing the code, a copy button, the verification page link, and a live countdown.
- The user pastes the code into their Roblox profile description, returns to the verification page, and enters their Roblox username.
- Our backend resolves the username, fetches the description from
users.roblox.com/v1/users/{id}, and confirms the code is present. - The user/account link is created and a role-sync job is queued.
15-minute expiry
Sessions expire automatically. Resend gets a fresh code without invalidating other in-flight verifications.
Single use, bound to (guild, user)
A token can only be redeemed once and only by the Discord user it was created for. Replay attacks fail.
Server-side validation
Our backend reads the Roblox profile description through the public API and matches the code. The browser never decides whether you're verified.
What we never ask for
- • Your Roblox password.
- • Your
.ROBLOSECURITYcookie. - • Two-factor codes.
- • Email or any other private profile information.
The only data we read is what's already public on your Roblox profile.
Common failures
- "Code not found in profile"
- The user pasted into status or About instead of the description. Verification only checks the description field.
- "Roblox username not found"
- They entered display name. Use the underscore-friendly username, not the display name.
- "Session expired"
- Codes are valid for 15 minutes. Run
/verifyagain to get a fresh one.
