TakionAPI
Start a TrialJoin our DiscordBuy a PlanDashboard
  • Takion API
  • Interacting with our APIs
  • Datadome
    • Bypass Solution
    • Example Implementations
    • Common Errors & Troubleshooting
  • Incapsula / Imperva
    • reese84 Bypass Solution
    • ___utmvc Bypass Solution
    • Example Implementations
    • Common Errors & Troubleshooting
  • Perimeter X Mobile
    • Bypass Solution
    • Example Implementations
  • GeeTest
    • v3 Bypass Solution
    • v4 Bypass Solution
    • Example Implementations
  • AWS Cognito
    • Bypass Solution
    • Example Implementations
  • Castle
    • Bypass Solution
    • Example Implementations
  • NuData
    • Bypass Solution
    • Example Implementations
  • Image-to-Text Captchas / OCR
    • Bypass Solution
    • Example Implementations
  • Frameworks & Modules
    • Adyen and riskData
    • Queue-IT Module
Powered by GitBook
On this page

Was this helpful?

  1. Castle

Bypass Solution

This documentation provides detailed information on generating the Castle x-castle-request-token.

How the Solution Works

To bypass Castle:

  1. Parse the site key from the webpage (starts with pk_).

  2. Send it along with your session’s __cuid (if you have one).

  3. Parse the response and use the x-castle-request-token.

Required Parameters:

  • scriptID: A numeric scriptID parsed from the page's HTML

Optional Parameters:

  • __cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>

PreviousCastleNextExample Implementations

Last updated 4 months ago

Was this helpful?

In order to access any of our endpoint you'll need a valid API Key, either for a trial or

join our discord
puchase a plan

Generate x-castle-request-token

get

This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.

Authorizations
Query parameters
scriptIDstringRequired

The scriptID parsed from the page's HTML

__cuidstringOptional

Your session’s __cuid cookie, if available.

Header parameters
User-AgentstringOptional

The browser's user-agent string to simulate during the request.

Sec-Ch-UastringOptional

Client hints for content negotiation (used by some modern browsers).

Responses
200
Token generated
application/json
400
Bad request, missing or invalid parameters
application/json
500
Internal server error
application/json
get
GET /generate HTTP/1.1
Host: castle.takionapi.tech
x-api-key: YOUR_API_KEY
Accept: */*
{
  "__cuid": "12af43...afc9",
  "castle": "4b6fa...db68"
}
  • How the Solution Works
  • Required Parameters:
  • Optional Parameters:
  • Example Response
  • GETGenerate x-castle-request-token