Bypass Solution

This documentation provides detailed information on generating the Castle x-castle-request-token.

How the Solution Works

To bypass Castle:

Parse the site key from the webpage (starts with pk_).
Send it along with your session’s __cuid (if you have one).
Parse the response and use the x-castle-request-token.

Required Parameters:

scriptID: A numeric scriptID parsed from the page's HTML

Optional Parameters:

__cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>

In order to access any of our endpoint you'll need a valid API Key, either join our discord for a trial or puchase a plan

Generate x-castle-request-token

get

This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.

Authorizations

x-api-keystringRequired

Query parameters

scriptIDstringRequired

The scriptID parsed from the page's HTML

__cuidstringOptional

Your session’s __cuid cookie, if available.

Header parameters

User-AgentstringOptional

The browser's user-agent string to simulate during the request.

Sec-Ch-UastringOptional

Client hints for content negotiation (used by some modern browsers).

Responses

200

Token generated

application/json

__cuidstringOptional

The generated or provided __cuid to be set in your session.

castlestringOptional

The generated x-castle-request-token for use in your next request.

400

Bad request, missing or invalid parameters

application/json

500

Internal server error

application/json

get

/generate

GET /generate?scriptID=text HTTP/1.1
Host: castle.takionapi.tech
x-api-key: YOUR_API_KEY
Accept: */*

{
  "__cuid": "12af43...afc9",
  "castle": "4b6fa...db68"
}

PreviousCastle NextExample Implementations

Last updated 1 year ago

hashtagHow the Solution Works

hashtagRequired Parameters:

hashtagOptional Parameters:

hashtagExample Response

hashtagGenerate x-castle-request-token

How the Solution Works

Required Parameters:

Optional Parameters:

Example Response

Generate x-castle-request-token