search
Start a TrialJoin our DiscordBuy a PlanDashboard

user-robotBypass Solution

This documentation provides detailed information on generating the Castle x-castle-request-token.

hashtag
How the Solution Works

To bypass Castle:

  1. Parse the site key from the webpage (starts with pk_).

  2. Send it along with your session’s __cuid (if you have one).

  3. Parse the response and use the x-castle-request-token.

hashtag
Required Parameters:

  • scriptID: A numeric scriptID parsed from the page's HTML

hashtag
Optional Parameters:

  • __cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

hashtag
Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

circle-info

In order to access any of our endpoint you'll need a valid API Key, either join our discordarrow-up-right for a trial or puchase a planarrow-up-right

hashtag
Generate x-castle-request-token

get

This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.

Authorizations
x-api-keystringRequired
Query parameters
scriptIDstringRequired

The scriptID parsed from the page's HTML

__cuidstringOptional

Your session’s __cuid cookie, if available.

Header parameters
User-AgentstringOptional

The browser's user-agent string to simulate during the request.

Sec-Ch-UastringOptional

Client hints for content negotiation (used by some modern browsers).

Responses
chevron-right
200

Token generated

application/json
get
/generate
PreviousCastleNextExample Implementations

Last updated