Akamai Token Solving
Bypass Akamai Bot Manager protections and generate valid sensor data tokens for protected endpoints. Our solver replicates the full Akamai browser telemetry collection pipeline and returns tokens that allow uninterrupted access to Akamai-protected resources.
What is Akamai Token?
Akamai Bot Manager is an enterprise-grade bot detection platform used by major e-commerce, financial, and media organizations worldwide. It works by injecting JavaScript into pages that collects detailed browser telemetry — including mouse movements, keyboard events, canvas fingerprints, and WebGL data — and encodes this information into a sensor data payload. This payload is submitted to Akamai's validation endpoint, and in return the site receives a session token that is required to access protected resources. Our solver replicates this entire flow and returns a valid token that can be used directly in your requests.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "AKAMAI_TOKEN"
Proxy Strongly Recommended
Akamai tracks IP reputation and associates session tokens with the IP address from which the sensor data was submitted. Always use the same proxy for both generating the token and making requests to the protected endpoint. Using residential or ISP proxies produces significantly better results than datacenter IPs, which are often flagged by Akamai's risk scoring system.
Request Format
POST
/createTask
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "AKAMAI_TOKEN" |
captcha.metadata.siteUrl |
string | required | The full URL of the Akamai-protected page |
captcha.payload.scriptUrl |
string | optional | URL of the Akamai sensor data collection script. Found in page source as a script tag referencing a path like /akam/ or similar. Providing this improves accuracy. |
captcha.payload.apiEndpoint |
string | optional | The endpoint URL where Akamai sensor data is submitted (the POST request made by the Akamai script). Extracting and providing this value ensures the solver targets the correct API. |
captcha.payload.userAgent |
string | optional | Your browser user agent. Using a realistic and consistent user agent significantly improves token acceptance rates. |
captcha.payload.proxy |
object | recommended | Proxy configuration object. Strongly recommended — Akamai associates the token with the originating IP. |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", or "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address or hostname |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if the parent object (proxy) is provided
Finding Akamai Script and API Endpoint
To locate the Akamai script URL, inspect the page source of the protected site and look for a
script tag loading a file from a path that includes /akam/. To find the API endpoint,
open your browser developer tools, visit the protected page, and filter the Network tab for POST
requests. The Akamai sensor data submission request will typically have a URL ending in
/sensor_data or contain the Akamai API path pattern.
Example Request
JSON
{
"auth": {
"token": "YOUR_API_KEY"
},
"context": {
"source": "api",
"version": "1.0.0"
},
"captcha": {
"type": "AKAMAI_TOKEN",
"metadata": {
"siteUrl": "https://example.com/protected-page"
},
"payload": {
"scriptUrl": "https://example.com/akam/11/1234abcd",
"apiEndpoint": "https://example.com/akam/11/pixel_1234abcd",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
"proxy": {
"protocol": "http",
"host": "1.2.3.4",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
}
}
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'AKAMAI_TOKEN',
metadata: {
siteUrl: 'https://example.com/protected-page'
},
payload: {
scriptUrl: 'https://example.com/akam/11/1234abcd',
apiEndpoint: 'https://example.com/akam/11/pixel_1234abcd',
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);
Python
import requests
response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
json={
'auth': {'token': 'YOUR_API_KEY'},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'AKAMAI_TOKEN',
'metadata': {
'siteUrl': 'https://example.com/protected-page'
},
'payload': {
'scriptUrl': 'https://example.com/akam/11/1234abcd',
'apiEndpoint': 'https://example.com/akam/11/pixel_1234abcd',
'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
'proxy': {
'protocol': 'http',
'host': '1.2.3.4',
'port': 8080,
'username': 'proxyuser',
'password': 'proxypass'
}
}
}
}
)
data = response.json()
print('Task ID:', data['task']['id'])
cURL
curl -X POST https://solver-api.mydisct.com/createTask \
-H "Content-Type: application/json" \
-H "apikey: YOUR_API_KEY" \
-d '{
"auth": {"token": "YOUR_API_KEY"},
"context": {"source": "api", "version": "1.0.0"},
"captcha": {
"type": "AKAMAI_TOKEN",
"metadata": {
"siteUrl": "https://example.com/protected-page"
},
"payload": {
"scriptUrl": "https://example.com/akam/11/1234abcd",
"apiEndpoint": "https://example.com/akam/11/pixel_1234abcd",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
"proxy": {
"protocol": "http",
"host": "1.2.3.4",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
}
}'Response Format
Create Task Response (Processing)
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha task created successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "processing"
}
}Fetch Result Response (Completed)
{
"success": true,
"service": "MyDisct Solver",
"message": "Akamai challenge solved successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "completed",
"result": {
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"cookies": {
"_abck": "A1B2C3D4E5F6...",
"bm_sz": "XyZAbCdEfGhI...",
"ak_bmsc": "GhIjKlMnOpQr...",
"bm_sv": "AbCdEfGhIj...",
"_raw_cookie_string": "_abck=A1B2C3D4E5F6...;bm_sz=XyZAbCdEfGhI..."
},
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
"timestamp": "2025-10-10T12:00:00.000Z"
}
}
}Response Fields
| Field | Type | Description |
|---|---|---|
result.token |
string | The Akamai sensor data token. Include this in the _abck or authorization header depending on the site implementation. |
result.cookies |
object | Plain key-value object of Akamai Bot Manager cookies captured during the solving session. Contains only Akamai-specific cookies with non-empty values, plus a _raw_cookie_string convenience field. |
result.cookies._abck |
string | Primary Akamai Bot Manager cookie. Must be included in all requests to the protected site. |
result.cookies.bm_sz |
string | Akamai Bot Manager session size cookie. Must be included alongside _abck. |
result.cookies.ak_bmsc |
string | Akamai Bot Manager secondary cookie. Present when set by the target site. |
result.cookies.bm_sv |
string | Akamai Bot Manager session verification cookie. Present when set by the target site. |
result.cookies._raw_cookie_string |
string | Convenience field with all captured cookies pre-formatted as a Cookie header string. Can be used directly as the value of the Cookie HTTP header. |
result.user_agent |
string | The exact user agent used during solving. Must be forwarded in all subsequent requests. |
Implementation Guide
Complete JavaScript Implementation
JavaScript
async function solveAkamaiToken(siteUrl, options = {}) {
const payload = {
userAgent: options.userAgent || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
};
if (options.scriptUrl) payload.scriptUrl = options.scriptUrl;
if (options.apiEndpoint) payload.apiEndpoint = options.apiEndpoint;
if (options.proxy) payload.proxy = options.proxy;
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'AKAMAI_TOKEN',
metadata: { siteUrl },
payload
}
})
});
const createData = await createResponse.json();
if (!createData.success) throw new Error(createData.error.message);
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000));
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result;
} else if (resultData.task.status === 'failed') {
throw new Error('Akamai token solving failed');
}
}
}
function buildCookieHeader(cookies) {
return Object.entries(cookies)
.map(([name, value]) => `${name}=${value}`)
.join('; ');
}
async function makeAkamaiRequest(url, solverResult) {
const cookieHeader = buildCookieHeader(solverResult.cookies);
const response = await fetch(url, {
method: 'GET',
headers: {
'User-Agent': solverResult.user_agent,
'Cookie': cookieHeader,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate, br',
'Connection': 'keep-alive'
}
});
return response;
}
const akamaiResult = await solveAkamaiToken('https://example.com/protected-page', {
scriptUrl: 'https://example.com/akam/11/1234abcd',
apiEndpoint: 'https://example.com/akam/11/pixel_1234abcd',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
});
const protectedResponse = await makeAkamaiRequest(
'https://example.com/api/products',
akamaiResult
);
console.log('Status:', protectedResponse.status);Python Implementation
Python
import requests
import time
def solve_akamai_token(site_url, api_key, script_url=None, api_endpoint=None,
user_agent=None, proxy_config=None):
payload_data = {
'userAgent': user_agent or 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
}
if script_url:
payload_data['scriptUrl'] = script_url
if api_endpoint:
payload_data['apiEndpoint'] = api_endpoint
if proxy_config:
payload_data['proxy'] = proxy_config
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'AKAMAI_TOKEN',
'metadata': {'siteUrl': site_url},
'payload': payload_data
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
while True:
time.sleep(5)
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']
elif result_data['task']['status'] == 'failed':
raise Exception('Akamai token solving failed')
print('Waiting for solution...')
def make_akamai_request(url, solver_result):
cookies = solver_result['cookies']
response = requests.get(
url,
headers={
'User-Agent': solver_result['user_agent'],
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5'
},
cookies=cookies
)
return response
akamai_result = solve_akamai_token(
site_url='https://example.com/protected-page',
api_key='YOUR_API_KEY',
script_url='https://example.com/akam/11/1234abcd',
api_endpoint='https://example.com/akam/11/pixel_1234abcd',
proxy_config={
'protocol': 'http',
'host': '1.2.3.4',
'port': 8080,
'username': 'proxyuser',
'password': 'proxypass'
}
)
print(f'Token received: {akamai_result["token"][:50]}...')
print(f'Cookies: {list(akamai_result["cookies"].keys())}')
protected_response = make_akamai_request(
'https://example.com/api/products',
akamai_result
)
print(f'Status: {protected_response.status_code}')Best Practices
Recommendations
- Provide Script and Endpoint URLs: Always extract and provide
scriptUrlandapiEndpoint— these allow the solver to replicate the exact Akamai flow used by the target site - Residential Proxies: Akamai heavily penalizes datacenter IP ranges. Use residential or ISP proxies for best results
- IP Consistency: The Akamai token and cookies are associated with the solving IP — use the same proxy for all requests that use the generated token
- User Agent Forwarding: Always forward the exact
user_agentreturned in the result — it is embedded in the sensor data payload - Forward All Cookies: Include both
_abckandbm_szcookies in subsequent requests - Token Freshness: Akamai tokens have a limited validity window. Generate a fresh token if requests start returning 403 responses
- Polling Interval: Use 5-second polling intervals — Akamai token generation typically takes 10 to 20 seconds
Common Issues
Issue: Token rejected with 403 response
Solution: Verify that you are using the same proxy IP for requests as the one used
during token generation. Also confirm that the user_agent from the result is being
forwarded and that all cookies are included in the request.
Issue: Solving fails or takes very long
Solution: Extract and provide the scriptUrl and apiEndpoint
values from the target page. Without these, the solver must discover the correct endpoints on its own,
which can increase solving time or reduce accuracy.
Issue: Token valid but requests still blocked
Solution: Some Akamai implementations require the token to be passed as a specific
header or in a specific request field in addition to cookies. Inspect the network traffic of a
legitimate session to identify where the _abck value and token need to be placed.