Start a TrialJoin our DiscordBuy a PlanDashboard

Bypass Solution

This documentation provides detailed information on generating the Castle x-castle-request-token.

How the Solution Works

To bypass Castle:

  1. Parse the site key from the webpage (starts with pk_).

  2. Send it along with your session’s __cuid (if you have one).

  3. Parse the response and use the x-castle-request-token.

Required Parameters:

  • scriptID: A numeric scriptID parsed from the page's HTML

Optional Parameters:

  • __cuid: The session’s __cuid cookie. If not provided, one will be generated.

It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.

Example Response

{
  "__cuid": "...",  // Set this on your session if not provided
  "castle": "..."  // Use this token for your next request
}

In order to parse the scriptID from the page's HTML, you can use the following regex:

In order to access any of our endpoint you'll need a valid API Key, either join our discord for a trial or puchase a plan

Generate x-castle-request-token

get

This endpoint generates the x-castle-request-token for Castle-protected websites. It requires the site key from the website, and optionally the __cuid cookie from your session. The browser's user-agent string and client hints can also be passed for content negotiation.

Authorizations
x-api-keystringRequired
Query parameters
scriptIDstringRequired

The scriptID parsed from the page's HTML

__cuidstringOptional

Your session’s __cuid cookie, if available.

Header parameters
User-AgentstringOptional

The browser's user-agent string to simulate during the request.

Sec-Ch-UastringOptional

Client hints for content negotiation (used by some modern browsers).

Responses
200

Token generated

application/json
get
/generate
PreviousCastleNextExample Implementations

Last updated

Was this helpful?