Perimeter X Mobile
This documentation provides detailed information on how to bypass PerimeterX Mobile (px2 or px3) protection using TakionAPI.
Last updated
This documentation provides detailed information on how to bypass PerimeterX Mobile (px2 or px3) protection using TakionAPI.
Last updated
PerimeterX, know simply as px, is a bot management solution that protects mobile applications, APIs, and web apps from automated threats. It differentiates between human and bot traffic using advanced detection mechanisms. While we offer a solution for either the web, hold captcha (pxhc) and mobile version, this documentation focuses specifically on the mobile version used in apps on iOS and Android.
PerimeterX protection can be identified in mobile app requests by inspecting the headers for specific values:
For px3: Headers resembling 3:5b0de...3c67add:MO...P5VNA==:1000:6xXz...=
For px2: Headers resembling 2:eyJ1Ijoi...JkZWYyIn0=
These headers are often passed as x-px-original-token, x-px-authorization, or x-px-context.
Additionally, look for requests made to URLs such as:
https://collector-XXX.perimeterx.net/api/v1/collector/mobile
https://collector-XXX.px-cloud.net/api/v2/collector
Some applications known to use PerimeterX for mobile protection include:
| App Name | Package Name |
|---|---|
StockX
TextNow
GrubHub
My B&B
FanDuel
