Bypass Solution
This documentation provides detailed information on generating the Castle x-castle-request-token.
How the Solution Works
To bypass Castle:
Parse the site key from the webpage (starts with
pk_).Send it along with your session’s
__cuid(if you have one).Parse the response and use the
x-castle-request-token.
Required Parameters:
scriptID: A numeric scriptID parsed from the page's HTML
Optional Parameters:
__cuid: The session’s__cuidcookie. If not provided, one will be generated.
It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.
Example Response
{
"__cuid": "...", // Set this on your session if not provided
"castle": "..." // Use this token for your next request
}In order to parse the scriptID from the page's HTML, you can use the following regex:
<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.
The scriptID parsed from the page's HTML
Your session’s __cuid cookie, if available.
The browser's user-agent string to simulate during the request.
Client hints for content negotiation (used by some modern browsers).
GET /generate HTTP/1.1
Host: castle.takionapi.tech
x-api-key: YOUR_API_KEY
Accept: */*
{
"__cuid": "12af43...afc9",
"castle": "4b6fa...db68"
}Last updated
Was this helpful?