Bypass Solution
This documentation provides detailed information on generating the Castle x-castle-request-token.
How the Solution Works
To bypass Castle:
Parse the site key from the webpage (starts with
pk_).Send it along with your session’s
__cuid(if you have one).Parse the response and use the
x-castle-request-token.
Required Parameters:
scriptID: A numeric scriptID parsed from the page's HTML
Optional Parameters:
__cuid: The session’s__cuidcookie. If not provided, one will be generated.
It's highly recommended to provide your session’s User-Agent, Sec-Ch-Ua, and Accept-Language headers for more accurate token generation.
Example Response
{
"__cuid": "...", // Set this on your session if not provided
"castle": "..." // Use this token for your next request
}In order to parse the scriptID from the page's HTML, you can use the following regex:
<script\s+src=["\'].*?cdn\.castle\.io/v2/castle\.js\?([^"\']+)["\'].*?>Last updated
Was this helpful?