Hi all,
Long-time Bet Angel user here. Like a lot of you I run more than one instance and trade largely unattended, and over time I got tired of babysitting it — relaunching after a crash, logging back in, re-opening Guardian, re-applying my coupons and rules, especially on a VPS I can't always watch.
So I built a tool to do all of that for me, and it's grown into something I think others might find genuinely useful. In plain terms, it:
- Launches and manages multiple Bet Angel instances from one place
- Logs each one in (including 2-step verification) and opens Guardian
- Applies your coupons and automation rules automatically
- Runs on a schedule (e.g. different setups for different events/days)
- Keeps everything alive 24/7 — auto-restarts a crashed instance, survives reboots and RDP disconnects, and self-heals without me touching it
It sits on top of Bet Angel — it doesn't replace anything, it just automates the fiddly operational side so the platform can run hands-off. Credentials and 2FA details stay encrypted on your own machine and never leave it; that mattered a lot to me and I suspect it matters to everyone.
Why I'm posting before doing anything more with it: this is built entirely around Bet Angel, and I don't want to take it any further without Peter being comfortable with it. I've tried to reach him through PeterWebb.com but haven't heard back yet. I won't be releasing or commercialising anything without his blessing — that's a firm line for me, out of respect for him and the platform we all rely on. If anyone has a good way to get this in front of him, I'd appreciate a steer.
In the meantime I just wanted to gauge interest, is this something you'd actually use? And if so, what would matter most to you? Happy to answer any questions about how it works.
Cheers,
Robin
Built a "fleet manager" for running Bet Angel unattended — gauging interest (and waiting on Peter's blessing first)
Hi Robin,
Apologies, but I haven't seen any email come through from you. Messages sent via the website generally end up in our support system, and nobody here seems to have seen anything arrive, so it may simply have gone astray somewhere along the way.
In principle, we don't have an issue with people building additional tools or utilities around Bet Angel, and over the years we've seen plenty of examples of users extending workflows in creative ways.
There are a few caveats worth mentioning though.
The main one is that Betfair are generally very sensitive about login credentials. Even if passwords are encrypted and stored locally, Betfair's position has traditionally been that passwords should not be stored at all. That's something anybody should bear in mind.
The other obvious consideration is trust. Anybody using a third party application would need to satisfy themselves that they are comfortable with it and understand exactly what it is doing. That's not a reflection on your software specifically, just the reality of handing account access and automation responsibilities to software developed outside the core platform.
From our perspective, support can also become complicated if somebody experiences an issue while using a third party management layer. If Bet Angel appears to have behaved unexpectedly, or we're trying to reproduce a problem, it can be difficult to determine whether the behaviour originated in Bet Angel itself or from software sitting on top of it.
With that in mind, if you decide to make it available from your own website, people can assess it and use it at their own risk. We can't formally endorse it, audit it, certify it, or provide support for it, but we're happy for the discussion to remain on the forum provided people understand those limitations.
I hope that helps clarify our position.
Apologies, but I haven't seen any email come through from you. Messages sent via the website generally end up in our support system, and nobody here seems to have seen anything arrive, so it may simply have gone astray somewhere along the way.
In principle, we don't have an issue with people building additional tools or utilities around Bet Angel, and over the years we've seen plenty of examples of users extending workflows in creative ways.
There are a few caveats worth mentioning though.
The main one is that Betfair are generally very sensitive about login credentials. Even if passwords are encrypted and stored locally, Betfair's position has traditionally been that passwords should not be stored at all. That's something anybody should bear in mind.
The other obvious consideration is trust. Anybody using a third party application would need to satisfy themselves that they are comfortable with it and understand exactly what it is doing. That's not a reflection on your software specifically, just the reality of handing account access and automation responsibilities to software developed outside the core platform.
From our perspective, support can also become complicated if somebody experiences an issue while using a third party management layer. If Bet Angel appears to have behaved unexpectedly, or we're trying to reproduce a problem, it can be difficult to determine whether the behaviour originated in Bet Angel itself or from software sitting on top of it.
With that in mind, if you decide to make it available from your own website, people can assess it and use it at their own risk. We can't formally endorse it, audit it, certify it, or provide support for it, but we're happy for the discussion to remain on the forum provided people understand those limitations.
I hope that helps clarify our position.
Hi Peter,
Thank you — I really appreciate you taking the time to give such a considered reply, and for being open to tools built around Bet Angel in the first place. (And apologies for the email going astray — the website form must have swallowed it; good to make contact properly here.)
I've taken your caveats on board, and they're exactly the right ones to raise.
On credentials in particular — you're right that this is the crux. The tool does need to store the Betfair login and 2FA seed locally to log instances in unattended; there's no way around that if the goal is hands-off operation. They're encrypted at rest with Windows DPAPI and never leave the machine, but I completely accept that Betfair's position is that passwords shouldn't be stored at all, and I'll make sure that's stated plainly and up front so anyone using it is making an informed choice rather than discovering it later.
On trust and support — understood and agreed. I'll be clear at every step that this is an independent tool, not a Bet Angel product, not endorsed, audited or supported by you, and used entirely at the user's own risk — and that support questions about it come to me, not to your team. The last thing I'd want is to muddy the water on where a problem originates.
Where things stand: it's functional and I've been running it on my own setup for a while — multi-instance launch, login, Guardian, applying coupons/rules, on a schedule, with self-healing if something falls over. I think it's at the point where a small amount of real-world feedback would be valuable before doing anything more with it.
With that in mind, and so I stay within what you're comfortable with: would you be OK with me taking a small number of beta testers from the forum? (If there is any interest). I'd do it carefully — issuing time-limited licences (so it's clearly a trial that simply expires), making the limitations above explicit to anyone who takes part, and keeping the discussion here transparent. Entirely happy to work within whatever bounds you'd prefer.
Thanks again for the steer — it's genuinely appreciated.
Robin
Thank you — I really appreciate you taking the time to give such a considered reply, and for being open to tools built around Bet Angel in the first place. (And apologies for the email going astray — the website form must have swallowed it; good to make contact properly here.)
I've taken your caveats on board, and they're exactly the right ones to raise.
On credentials in particular — you're right that this is the crux. The tool does need to store the Betfair login and 2FA seed locally to log instances in unattended; there's no way around that if the goal is hands-off operation. They're encrypted at rest with Windows DPAPI and never leave the machine, but I completely accept that Betfair's position is that passwords shouldn't be stored at all, and I'll make sure that's stated plainly and up front so anyone using it is making an informed choice rather than discovering it later.
On trust and support — understood and agreed. I'll be clear at every step that this is an independent tool, not a Bet Angel product, not endorsed, audited or supported by you, and used entirely at the user's own risk — and that support questions about it come to me, not to your team. The last thing I'd want is to muddy the water on where a problem originates.
Where things stand: it's functional and I've been running it on my own setup for a while — multi-instance launch, login, Guardian, applying coupons/rules, on a schedule, with self-healing if something falls over. I think it's at the point where a small amount of real-world feedback would be valuable before doing anything more with it.
With that in mind, and so I stay within what you're comfortable with: would you be OK with me taking a small number of beta testers from the forum? (If there is any interest). I'd do it carefully — issuing time-limited licences (so it's clearly a trial that simply expires), making the limitations above explicit to anyone who takes part, and keeping the discussion here transparent. Entirely happy to work within whatever bounds you'd prefer.
Thanks again for the steer — it's genuinely appreciated.
Robin
for those wanting to test your app one thing about storing passwords ie Who can see the password depends entirely on how and where the app saves it. In most cases, only user should be able to see it, but others could access it depending on the app's security and your device settings.
You're right to flag this — it's an important consideration, and I'd rather be completely transparent about how it handles credentials than gloss over it.
Credentials (your Betfair password and, if you use it, the 2FA seed) are encrypted at rest using Windows DPAPI in user scope. In practice that means only your logged-in Windows account can decrypt them — not other user accounts on the same PC, not if someone copies the file to another machine, and not over any network. It's the same underlying mechanism Windows itself and your browser use to store saved passwords. On top of that, the file is locked down with an ACL to your account, an app-specific secondary key is mixed in, and it lives in your user-private AppData. The password is never written to logs, never sent anywhere over the internet (it's typed straight into Bet Angel's own login box locally), and it's left out of backups and any diagnostic reports.
Now the honest part, because you're right that it depends on your setup: DPAPI protects against other users and file theft, but anything running as your own Windows account can decrypt it — that's true of any saved-password system, including your browser. So your machine's general security still matters (a real login password, no dodgy software, don't share the account). And for genuine 24/7 unattended running you'll usually enable Windows autologon, which means the machine logs itself in — so you should treat physical or remote access to that box as access to the session. That's the nature of any always-on auto-trading setup, not specific to this tool. Storing the 2FA seed (needed for hands-off login) also means that second factor lives on the same machine.
So: encrypted to the same standard Windows uses for its own saved credentials, never leaves your machine — but it is unattended trading software that necessarily stores credentials, and you should be comfortable with that and with your machine's security before using it. I'd rather you know exactly how it works and decide for yourself.
Credentials (your Betfair password and, if you use it, the 2FA seed) are encrypted at rest using Windows DPAPI in user scope. In practice that means only your logged-in Windows account can decrypt them — not other user accounts on the same PC, not if someone copies the file to another machine, and not over any network. It's the same underlying mechanism Windows itself and your browser use to store saved passwords. On top of that, the file is locked down with an ACL to your account, an app-specific secondary key is mixed in, and it lives in your user-private AppData. The password is never written to logs, never sent anywhere over the internet (it's typed straight into Bet Angel's own login box locally), and it's left out of backups and any diagnostic reports.
Now the honest part, because you're right that it depends on your setup: DPAPI protects against other users and file theft, but anything running as your own Windows account can decrypt it — that's true of any saved-password system, including your browser. So your machine's general security still matters (a real login password, no dodgy software, don't share the account). And for genuine 24/7 unattended running you'll usually enable Windows autologon, which means the machine logs itself in — so you should treat physical or remote access to that box as access to the session. That's the nature of any always-on auto-trading setup, not specific to this tool. Storing the 2FA seed (needed for hands-off login) also means that second factor lives on the same machine.
So: encrypted to the same standard Windows uses for its own saved credentials, never leaves your machine — but it is unattended trading software that necessarily stores credentials, and you should be comfortable with that and with your machine's security before using it. I'd rather you know exactly how it works and decide for yourself.
Thanks again — much appreciated. I'm just working out the best, most responsible way to run a small beta, and I'll update the thread shortly once it's nailed down. It'll likely look like a small number of testers on time-limited trial licences that simply expire, with the limitations made clear up front — independent tool, not a Bet Angel product, used at your own risk, and any support comes to me rather than your team.
I'll also re-check the forum rules before posting any links, so anything I share stays within them.
Cheers,
Robin