hCaptcha Enterprise Token Solving
Solve hCaptcha Enterprise token challenges programmatically with premium accuracy. hCaptcha Enterprise uses advanced security features with 99.8% success rate.
Important: Site-Specific Token Limitation
Tokens generated for hCaptcha Enterprise may not be valid across all websites. Each site can enforce its own enterprise configuration, meaning a token solved for one domain might be rejected on another. Our team is actively working on improving this. In the meantime, you can use our BBRE technology simply send your requests like you normally would, and all anti-detect, captcha solving, and fingerprinting operations are handled on MyDisct Solver's BBRE servers. This way, you can complete your projects directly with BBRE without needing to use the hCaptcha Enterprise Token service.
What is hCaptcha Enterprise Token?
hCaptcha Enterprise is the premium version designed for high-security applications. It includes enhanced bot detection, enterprise-grade analytics, and advanced challenge types. Token-based solving bypasses visual challenges entirely, returning a verification token for form submission.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "HCAPTCHA_ENTERPRISE_TOKEN"Request Format
POST
/createTask
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "HCAPTCHA_ENTERPRISE_TOKEN" |
captcha.metadata.siteUrl |
string | required | The URL where the captcha appears |
captcha.metadata.siteKey |
string | required | hCaptcha Enterprise site key (data-sitekey attribute) |
captcha.payload.invisible |
boolean | optional | Set to true for invisible hCaptcha Enterprise (default: false) |
captcha.payload.rqdata |
string | optional | Enterprise challenge context data. Required for most high-security sites (Discord, etc.). Extract from page source or network requests. |
captcha.payload.rqtoken |
string | optional | hCaptcha Enterprise session/telemetry token. Separate from rqdata — obtained from the site's hCaptcha SDK initialization or prior API responses. Provides additional trust signals when available. |
captcha.payload.cookies |
array | optional | Array of cookie objects (see Cookie Object Structure below) |
captcha.payload.cookies[].name |
string | required* | Cookie name |
captcha.payload.cookies[].value |
string | required* | Cookie value |
captcha.payload.cookies[].domain |
string | required* | Cookie domain (e.g., ".discord.com") |
captcha.payload.cookies[].path |
string | optional | Cookie path (defaults to "/") |
captcha.payload.userAgent |
string | optional | User agent string (recommended with rqdata) |
captcha.payload.proxy |
object | optional | Proxy configuration (optional but recommended) |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", or "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address or hostname |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if parent object (proxy/cookies) is provided
Cookie Object Structure
About Cookies
Cookies are used to maintain session state and pass important authentication data. For platforms like Discord,
cookies such as __dcfduid, __sdcfduid, and __cf_bm are essential for
successful Enterprise hCaptcha solving. Extract cookies from your browser's DevTools (Application → Cookies).
Example Request
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'HCAPTCHA_ENTERPRISE_TOKEN',
metadata: {
siteUrl: 'https://discord.com/register',
siteKey: 'f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34'
},
payload: {
invisible: true,
rqdata: 'custom_rqdata_value',
rqtoken: 'optional_rqtoken_value', // optional, if available from site SDK
userAgent: 'Mozilla/5.0...',
cookies: [
{
name: '__cf_bm',
value: '8x...s',
domain: '.discord.com'
},
{
name: '__dcfduid',
value: '7a...f',
domain: '.discord.com',
path: '/'
},
{
name: '__sdcfduid',
value: '9b...e',
domain: '.discord.com',
path: '/'
}
],
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);Response Format
Create Task Response (Processing)
{
"success": true,
"service": "MyDisct Solver",
"message": "Task created successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "processing",
"timestamp": "2025-11-05T12:00:00.000Z"
}
}Fetch Result Response (Processing)
{
"success": true,
"service": "MyDisct Solver",
"task": {
"id": "MyDisctSolver_abc123",
"status": "processing",
"timestamp": "2025-11-05T12:00:00.000Z"
}
}Fetch Result Response (Completed)
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha solved successfully",
"task": {
"id": "MyDisctSolver_abc123",
"status": "completed",
"result": {
"token": "P1_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"timestamp": "2025-11-05T12:00:15.000Z"
}
}
}
Understanding the Response
The token field contains the hCaptcha Enterprise response token. This token should be
submitted in the h-captcha-response field of your form or API request. Enterprise tokens
are compatible with standard hCaptcha verification endpoints.
Implementation Guide
Step 1: Extract hCaptcha Enterprise Site Key
// Method 1: From iframe
function getHCaptchaEnterpriseSiteKey() {
const iframe = document.querySelector('iframe[src*="hcaptcha.com"]');
if (iframe) {
const src = iframe.src;
const match = src.match(/sitekey=([^&]+)/);
return match ? match[1] : null;
}
const hcaptchaDiv = document.querySelector('[data-sitekey]');
if (hcaptchaDiv) {
return hcaptchaDiv.getAttribute('data-sitekey');
}
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent.match(/sitekey['"s:]+([a-f0-9-]+)/i);
if (match) {
return match[1];
}
}
return null;
}
const siteKey = getHCaptchaEnterpriseSiteKey();
console.log('Enterprise Site Key:', siteKey);Step 2: Extract rqdata (Required for Enterprise)
// Extract rqdata from page or API
function getRqdata() {
const rqdataInput = document.querySelector('input[name="rqdata"]');
if (rqdataInput) {
return rqdataInput.value;
}
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent.match(/rqdata['"s:]+([^'"s]+)/);
if (match) {
return match[1];
}
}
return null;
}
const rqdata = getRqdata();
console.log('rqdata:', rqdata);Step 3: Extract rqtoken (Optional, Advanced)
// rqtoken is a session/telemetry token generated by hCaptcha's SDK at runtime.
// It is separate from rqdata and is NOT always present.
// When available, it improves solve accuracy for highly secured sites.
function getRqtoken() {
// Method 1: Sometimes embedded in page scripts
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent.match(/rqtoken['"s:]+([^'"s,}]+)/);
if (match) return match[1];
}
// Method 2: Intercepted from hCaptcha SDK network calls (via proxy/extension)
// Look for the "rqtoken" field in requests to hcaptcha.com/getcaptcha
// or in the hCaptcha widget's JS context: window.hcaptcha._token or similar
return null; // If not found, omit from payload - rqdata alone is sufficient
}
const rqtoken = getRqtoken();
console.log('rqtoken:', rqtoken); // May be null — that is OKStep 4: Extract Cookies (Recommended for Enterprise)
// Extract cookies from browser
function getRelevantCookies(domain) {
const cookies = document.cookie.split(';').map(c => {
const [name, value] = c.trim().split('=');
return { name, value, domain };
});
async function getCookiesFromExtension(domain) {
return new Promise((resolve) => {
chrome.cookies.getAll({ domain }, (cookies) => {
resolve(cookies.map(c => ({
name: c.name,
value: c.value,
domain: c.domain,
path: c.path || '/'
})));
});
});
}
return cookies;
}
const cookies = await getCookiesFromExtension('.discord.com');
console.log('Cookies:', cookies);
const importantCookies = cookies.filter(c =>
['__dcfduid', '__sdcfduid', '__cf_bm', 'locale'].includes(c.name)
);
Step 5: Solve hCaptcha Enterprise Token with Cookies
async function solveHCaptchaEnterpriseWithCookies(siteUrl, siteKey, rqdata, rqtoken, cookies) {
const payload = {
rqdata: rqdata,
userAgent: navigator.userAgent,
cookies: cookies // Include extracted cookies
};
// rqtoken is optional — only include if available
if (rqtoken) payload.rqtoken = rqtoken;
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'HCAPTCHA_ENTERPRISE_TOKEN',
metadata: { siteUrl, siteKey },
payload
}
})
});
const createData = await createResponse.json();
if (!createData.success) throw new Error(createData.error.message);
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000));
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result.token;
} else if (resultData.task.status === 'failed') {
throw new Error('Enterprise token solving failed');
}
}
}
const cookies = [
{ name: '__dcfduid', value: '7a...f', domain: '.discord.com', path: '/' },
{ name: '__sdcfduid', value: '9b...e', domain: '.discord.com', path: '/' },
{ name: '__cf_bm', value: '8x...s', domain: '.discord.com', path: '/' }
];
const token = await solveHCaptchaEnterpriseWithCookies(
'https://discord.com/register',
'f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34',
'custom_rqdata_value',
rqtoken, // pass null if not available — rqdata alone is sufficient
cookies
);
console.log('hCaptcha Enterprise Token:', token);Step 6: Submit Token with Form
// Method 1: Submit with form data
async function submitFormWithEnterpriseToken(token) {
const formData = new FormData();
formData.append('username', 'myusername');
formData.append('password', 'mypassword');
formData.append('h-captcha-response', token);
const response = await fetch('https://example.com/register', {
method: 'POST',
body: formData
});
return await response.json();
}
function injectEnterpriseTokenIntoForm(token) {
let responseField = document.querySelector('[name="h-captcha-response"]');
if (!responseField) {
responseField = document.createElement('textarea');
responseField.name = 'h-captcha-response';
responseField.style.display = 'none';
document.querySelector('form').appendChild(responseField);
}
responseField.value = token;
document.querySelector('form').submit();
}
await submitFormWithEnterpriseToken(token);Python Example
Basic Example
Python
import requests
import time
def solve_hcaptcha_enterprise_token(site_url, site_key, rqdata, api_key):
"""Solve hCaptcha Enterprise token challenge"""
# Step 1: Create task
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'HCAPTCHA_ENTERPRISE_TOKEN',
'metadata': {
'siteUrl': site_url,
'siteKey': site_key
},
'payload': {
'rqdata': rqdata, # Required for Enterprise
'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
# Step 2: Poll for result (Enterprise takes longer)
while True:
time.sleep(5) # Wait 5 seconds
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']['token']
elif result_data['task']['status'] == 'failed':
raise Exception('Enterprise token solving failed')
print('Waiting for solution...')
# Example usage
token = solve_hcaptcha_enterprise_token(
site_url='https://discord.com/register',
site_key='f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34',
rqdata='custom_rqdata_value',
api_key='YOUR_API_KEY'
)
print(f'hCaptcha Enterprise Token: {token}')
# Submit with form
response = requests.post(
'https://discord.com/api/v9/auth/register',
data={
'email': '[email protected]',
'username': 'newuser',
'password': 'securepassword',
'captcha_key': token
}
)
print(f'Registration response: {response.status_code}')Example with Cookies
Python
import requests
import time
def solve_hcaptcha_enterprise_with_cookies(site_url, site_key, rqdata, cookies, api_key):
"""Solve hCaptcha Enterprise with cookies for better success rate"""
# Step 1: Create task with cookies
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'HCAPTCHA_ENTERPRISE_TOKEN',
'metadata': {
'siteUrl': site_url,
'siteKey': site_key
},
'payload': {
'rqdata': rqdata,
'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
'cookies': cookies # Include cookies for better success rate
}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created with cookies: {task_id}')
# Step 2: Poll for result
while True:
time.sleep(5)
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']['token']
elif result_data['task']['status'] == 'failed':
raise Exception('Enterprise token solving failed')
print('Waiting for solution...')
# Example: Extract cookies from browser session
cookies = [
{
'name': '__dcfduid',
'value': '7a2b...3f4e',
'domain': '.discord.com',
'path': '/'
},
{
'name': '__sdcfduid',
'value': '9b1c...5e6f',
'domain': '.discord.com',
'path': '/'
},
{
'name': '__cf_bm',
'value': '8x3y...7z9a',
'domain': '.discord.com',
'path': '/'
},
{
'name': 'locale',
'value': 'en-US',
'domain': '.discord.com',
'path': '/'
}
]
# Solve with cookies
token = solve_hcaptcha_enterprise_with_cookies(
site_url='https://discord.com/register',
site_key='f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34',
rqdata='custom_rqdata_value',
cookies=cookies,
api_key='YOUR_API_KEY'
)
print(f'hCaptcha Enterprise Token: {token}')
# Submit with the token
response = requests.post(
'https://discord.com/api/v9/auth/register',
headers={
'Content-Type': 'application/json',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
},
json={
'email': '[email protected]',
'username': 'newuser',
'password': 'securepassword',
'captcha_key': token
}
)
print(f'Registration response: {response.status_code}')
print(f'Response body: {response.json()}')Best Practices
Recommendations
- rqdata Parameter: Always include the rqdata parameter for Enterprise hCaptcha — it's required for most implementations and significantly improves solve accuracy
- rqtoken Parameter: Include rqtoken when available (obtained from the site's hCaptcha SDK at runtime). It is optional but provides additional trust signals that can improve success rates on highly secured platforms. If not available, rqdata alone is sufficient
- User Agent: Use a realistic user agent string that matches the target platform for better success rates
- Polling Intervals: Enterprise tokens take longer (8-15 seconds), use 5-second polling intervals instead of shorter ones
- Site URL Matching: Ensure the site URL exactly matches where the captcha appears (including protocol and path)
- Token Expiration: Enterprise tokens expire after 2 minutes, use them immediately after receiving
- Error Handling: Implement retry logic for failed Enterprise token requests with exponential backoff
- Cookies: Include relevant cookies (like __dcfduid, __sdcfduid, __cf_bm) for platforms like Discord to improve success rate
- Proxy Usage: Consider using proxies for sensitive platforms to avoid IP-based detection
Common Issues
Issue: Enterprise token rejected
Solution: Ensure you're using the correct rqdata parameter. For platforms like Discord, the rqdata is generated server-side and must be extracted from the page or API response.
Issue: Token takes too long to generate
Solution: Enterprise hCaptcha uses more sophisticated challenges. Expect 8-15 second solve times. Increase your polling timeout accordingly.
Issue: Wrong site key for Enterprise
Solution: Enterprise site keys are different from regular hCaptcha keys. Make sure you're extracting the correct site key from the Enterprise implementation.