Perimeter X Mobile
This documentation provides detailed information on how to bypass PerimeterX Mobile (px2 or px3) protection using TakionAPI.
What is PerimeterX Mobile?
PerimeterX, know simply as px, is a bot management solution that protects mobile applications, APIs, and web apps from automated threats. It differentiates between human and bot traffic using advanced detection mechanisms. While we offer a solution for either the web, hold captcha (pxhc) and mobile version, this documentation focuses specifically on the mobile version used in apps on iOS and Android.
How to Detect if an Application is Using PerimeterX
PerimeterX protection can be identified in mobile app requests by inspecting the headers for specific values:
For px3: Headers resembling
3:5b0de...3c67add:MO...P5VNA==:1000:6xXz...=For px2: Headers resembling
2:eyJ1Ijoi...JkZWYyIn0=
These headers are often passed as x-px-original-token, x-px-authorization, or x-px-context.
Additionally, look for requests made to URLs such as:
https://collector-XXX.perimeterx.net/api/v1/collector/mobilehttps://collector-XXX.px-cloud.net/api/v2/collector
Example of PerimeterX-Protected Applications
Some applications known to use PerimeterX for mobile protection include:
StockX
TextNow
GrubHub
My B&B
FanDuel
Last updated
Was this helpful?
