Page cover image

Perimeter X Mobile

This documentation provides detailed information on how to bypass PerimeterX Mobile (px2 or px3) protection using TakionAPI.

What is PerimeterX Mobile?

PerimeterX, know simply as px, is a bot management solution that protects mobile applications, APIs, and web apps from automated threats. It differentiates between human and bot traffic using advanced detection mechanisms. While we offer a solution for either the web, hold captcha (pxhc) and mobile version, this documentation focuses specifically on the mobile version used in apps on iOS and Android.

How to Detect if an Application is Using PerimeterX

PerimeterX protection can be identified in mobile app requests by inspecting the headers for specific values:

  • For px3: Headers resembling 3:5b0de...3c67add:MO...P5VNA==:1000:6xXz...=

  • For px2: Headers resembling 2:eyJ1Ijoi...JkZWYyIn0=

These headers are often passed as x-px-original-token, x-px-authorization, or x-px-context.

Additionally, look for requests made to URLs such as:

  • https://collector-XXX.perimeterx.net/api/v1/collector/mobile

  • https://collector-XXX.px-cloud.net/api/v2/collector

Example of PerimeterX-Protected Applications

Some applications known to use PerimeterX for mobile protection include:

App Name
Package Name

StockX

com.stockx.stockx

TextNow

com.enflick.android.TextNow

GrubHub

com.grubhub.android

My B&B

com.bathandbody.bbw

FanDuel

com.fanduel.sportsbook

Last updated

Was this helpful?