Bypass Solution

This documentation provides detailed information on generating the Castle x-castle-request-token.

How the Solution Works

To bypass Castle:

Parse the site key from the webpage (starts with pk_).
Send it along with your session’s __cuid (if you have one).
Parse the response and use the x-castle-request-token.

Required Parameters:

scriptID: A numeric scriptID parsed from the page's HTML

Optional Parameters:

__cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>

In order to access any of our endpoint you'll need a valid API Key, either join our discord for a trial or puchase a plan

Generate x-castle-request-token

This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.

GEThttps://castle.takionapi.tech/generate

Query parameters

Header parameters

Response

Token generated

Body

__cuidstring

The generated or provided __cuid to be set in your session.

castlestring

The generated x-castle-request-token for use in your next request.

Request

const response = await fetch('https://castle.takionapi.tech/generate?scriptID=text', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{
  "__cuid": "text",
  "castle": "text"
}

PreviousCastle NextExample Implementations

Last updated 1 month ago