Cloudflare Challenge Token Solving
Bypass Cloudflare challenge pages and obtain clearance cookies for protected websites. Handles the full browser verification flow and returns a cookie object that is ready to use in subsequent requests.
Cloudflare challenge pages appear when a website enables protection modes such as "I am Under Attack Mode" or browser integrity checks. These challenges require solving JavaScript puzzles and browser fingerprinting verification to prove human-like behavior. Our API automatically handles the entire challenge flow and returns the resulting clearance cookies as a plain object where each key is the cookie name and each value is the cookie value. The user agent used during solving is also returned and must be forwarded together with the cookies in all subsequent requests to the protected site.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "CLOUDFLARE_CHALLENGE_TOKEN"A valid proxy configuration is required for Cloudflare Challenge solving. The challenge must be solved from the same proxy IP that will be used for subsequent requests. Clearance cookies are bound to the IP address from which the challenge was solved. Using a different IP after receiving the cookies will result in a new challenge appearing.
Request Format
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "CLOUDFLARE_CHALLENGE_TOKEN" |
captcha.metadata.siteUrl |
string | required | The full URL of the Cloudflare-protected page |
captcha.payload.userAgent |
string | optional | User agent string to use during challenge solving. Using your actual browser user agent is recommended for consistency. |
captcha.payload.proxy |
object | required | Proxy configuration object. Mandatory for Cloudflare challenges — clearance cookies are IP-bound. |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", or "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address or hostname |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if the parent object (proxy) is provided
Example Request
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'CLOUDFLARE_CHALLENGE_TOKEN',
metadata: {
siteUrl: 'https://protected-site.com/page'
},
payload: {
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);import requests
response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
json={
'auth': {'token': 'YOUR_API_KEY'},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'CLOUDFLARE_CHALLENGE_TOKEN',
'metadata': {
'siteUrl': 'https://protected-site.com/page'
},
'payload': {
'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
'proxy': {
'protocol': 'http',
'host': '1.2.3.4',
'port': 8080,
'username': 'proxyuser',
'password': 'proxypass'
}
}
}
}
)
data = response.json()
print('Task ID:', data['task']['id'])curl -X POST https://solver-api.mydisct.com/createTask \
-H "Content-Type: application/json" \
-H "apikey: YOUR_API_KEY" \
-d '{
"auth": {"token": "YOUR_API_KEY"},
"context": {"source": "api", "version": "1.0.0"},
"captcha": {
"type": "CLOUDFLARE_CHALLENGE_TOKEN",
"metadata": {
"siteUrl": "https://protected-site.com/page"
},
"payload": {
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
"proxy": {
"protocol": "http",
"host": "1.2.3.4",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
}
}'Response Format
Create Task Response (Processing)
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha task created successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "processing"
}
}Fetch Result Response (Processing)
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_abc123",
"status": "processing"
}
}Fetch Result Response (Completed)
{
"success": true,
"service": "MyDisct Solver",
"message": "Cloudflare challenge solved successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "completed",
"result": {
"cookies": {
"cf_clearance": "xyz789abcdef...",
"__cf_bm": "abc123def456..."
},
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
"timestamp": "2025-11-05T12:00:25.000Z"
}
}
}Response Fields
| Field | Type | Description |
|---|---|---|
result.cookies |
object | Plain key-value object of cookies obtained during the challenge bypass. Each key is the cookie name and each value is the cookie value string. |
result.cookies.cf_clearance |
string | Primary Cloudflare clearance cookie. Required for all subsequent requests to the protected site. |
result.cookies.__cf_bm |
string | Cloudflare bot management cookie. Must be included alongside cf_clearance for full session validity. |
result.user_agent |
string | The exact user agent used during challenge solving. Must be forwarded with all requests that use these cookies. |
Cloudflare binds clearance cookies to both the IP address and the user agent used during solving.
You must forward the exact user_agent value returned in the response as the
User-Agent header in all subsequent requests. Using a different user agent will
trigger a new challenge immediately.
Implementation Guide
Step 1: Detect Cloudflare Challenge
function isCloudflareChallenge(responseStatus, responseBody) {
if (responseStatus === 403 || responseStatus === 503) {
return (
responseBody.includes('Checking your browser') ||
responseBody.includes('cf-browser-verification') ||
responseBody.includes('cf-challenge-running') ||
responseBody.includes('Just a moment') ||
responseBody.includes('cf_clearance')
);
}
return false;
}
async function checkForChallenge(url) {
const response = await fetch(url);
const body = await response.text();
if (isCloudflareChallenge(response.status, body)) {
console.log('Cloudflare challenge detected at:', url);
return true;
}
return false;
}Step 2: Solve Cloudflare Challenge
async function solveCloudflareChallenge(siteUrl, proxyConfig) {
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'CLOUDFLARE_CHALLENGE_TOKEN',
metadata: { siteUrl },
payload: {
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
proxy: proxyConfig
}
}
})
});
const createData = await createResponse.json();
if (!createData.success) throw new Error(createData.error.message);
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000));
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result;
} else if (resultData.task.status === 'failed') {
throw new Error('Cloudflare challenge solving failed');
}
}
}
const result = await solveCloudflareChallenge('https://protected-site.com/page', {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
});
console.log('Clearance cookies:', result.cookies);
console.log('User agent:', result.user_agent);Step 3: Build Cookie Header and Make Requests
function buildCookieHeader(cookies) {
return Object.entries(cookies)
.map(([name, value]) => `${name}=${value}`)
.join('; ');
}
async function makeRequestWithClearance(url, clearanceResult) {
const cookieHeader = buildCookieHeader(clearanceResult.cookies);
const response = await fetch(url, {
headers: {
'User-Agent': clearanceResult.user_agent,
'Cookie': cookieHeader,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate, br',
'Connection': 'keep-alive'
}
});
return response;
}
const clearanceResult = await solveCloudflareChallenge('https://protected-site.com', {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
});
const protectedResponse = await makeRequestWithClearance(
'https://protected-site.com/api/data',
clearanceResult
);
console.log('Status:', protectedResponse.status);Python Example
import requests
import time
def solve_cloudflare_challenge(site_url, proxy_config, api_key):
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'CLOUDFLARE_CHALLENGE_TOKEN',
'metadata': {'siteUrl': site_url},
'payload': {
'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
'proxy': proxy_config
}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
while True:
time.sleep(5)
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']
elif result_data['task']['status'] == 'failed':
raise Exception('Cloudflare challenge solving failed')
print('Waiting for solution...')
def make_request_with_clearance(url, clearance_result):
cookies = clearance_result['cookies']
response = requests.get(
url,
headers={
'User-Agent': clearance_result['user_agent'],
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5'
},
cookies=cookies
)
return response
clearance_result = solve_cloudflare_challenge(
site_url='https://protected-site.com',
proxy_config={
'protocol': 'http',
'host': '1.2.3.4',
'port': 8080,
'username': 'proxyuser',
'password': 'proxypass'
},
api_key='YOUR_API_KEY'
)
print('Cookies received:', list(clearance_result['cookies'].keys()))
print('User agent:', clearance_result['user_agent'])
protected_response = make_request_with_clearance(
'https://protected-site.com/api/data',
clearance_result
)
print(f'Protected page status: {protected_response.status_code}')Best Practices
- IP Consistency: Always use the same proxy IP for both the challenge solving request and all subsequent requests to the protected site
- User Agent Forwarding: Always use the exact
user_agentvalue returned in the response — never substitute it with your own - Full Cookie Object: Forward all cookies from the returned object, not just
cf_clearance— Cloudflare validates multiple cookies together - Polling Interval: Use 5-second polling intervals — Cloudflare challenges typically take 15 to 45 seconds to complete
- Session Reuse: Reuse the same clearance cookies across multiple requests to avoid re-solving the challenge for each one
- Cookie Expiry: Clearance cookies have a limited lifespan. If a challenge reappears, solve a fresh one before retrying
- Detection Check: Always check whether a response contains a Cloudflare challenge page before assuming the request succeeded
Common Issues
Solution: Ensure that the exact user_agent returned in the result is
forwarded as the User-Agent header. Also verify that the same proxy IP is used for all
follow-up requests. Cloudflare validates both values.
Solution: Include all cookies from the returned object, not only cf_clearance.
Missing cookies such as __cf_bm can cause Cloudflare to re-challenge the session. If the
cookies have expired, solve a new challenge before retrying.
Solution: Cloudflare challenges can take 15 to 45 seconds depending on the protection level of the site. Ensure your polling loop has a sufficiently high maximum retry count and that you are waiting 5 seconds between each fetch attempt.
Solution: Verify that your proxy is active and reachable. Cloudflare rate-limits certain IP ranges, so if one proxy is being rejected consistently, try rotating to a different proxy from a different subnet or provider.