hCaptcha Token Solving
Solve hCaptcha token challenges programmatically. Token-based hCaptcha returns a verification token that can be submitted with your form, bypassing the visual challenge entirely.
What is hCaptcha Token?
hCaptcha Token solving generates a valid response token without requiring image selection. This is useful for invisible hCaptcha, checkbox hCaptcha, or when you need to automate form submissions.
Captcha Type
Use the following captcha type identifier in your API requests:
"type": "HCAPTCHA_TOKEN"Request Format
POST
/createTask
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
auth.token |
string | required | Your API key |
captcha.type |
string | required | Must be "HCAPTCHA_TOKEN" |
captcha.metadata.siteUrl |
string | required | The URL where the captcha appears |
captcha.metadata.siteKey |
string | required | hCaptcha site key (data-sitekey attribute) |
captcha.payload.invisible |
boolean | optional | Set to true for invisible hCaptcha |
captcha.payload.rqdata |
string | optional | Custom rqdata parameter (for Discord, etc.) |
captcha.payload.userAgent |
string | optional | User agent string (recommended with rqdata) |
captcha.payload.proxy |
object | optional | Proxy configuration object |
captcha.payload.proxy.protocol |
string | required* | Proxy protocol: "http", "https", "socks4", "socks5" |
captcha.payload.proxy.host |
string | required* | Proxy IP address |
captcha.payload.proxy.port |
number | required* | Proxy port number |
captcha.payload.proxy.username |
string | optional | Proxy authentication username |
captcha.payload.proxy.password |
string | optional | Proxy authentication password |
* Required only if proxy object is provided
Example Request
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: {
token: 'YOUR_API_KEY'
},
context: {
source: 'api',
version: '1.0.0'
},
captcha: {
type: 'HCAPTCHA_TOKEN',
metadata: {
siteUrl: 'https://example.com/login',
siteKey: 'a5f74b19-9e45-40e0-b45d-47ff91b7a6c2'
},
payload: {
invisible: false,
userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
proxy: {
protocol: 'http',
host: '1.2.3.4',
port: 8080,
username: 'proxyuser',
password: 'proxypass'
}
}
}
})
});
const data = await response.json();
console.log('Task ID:', data.task.id);
Response Format
Create Task Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_abc123def456",
"status": "processing"
}
}
Fetch Result Response (Processing)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha is being processed",
"task": {
"id": "MyDisctSolver_abc123def456",
"status": "processing"
}
}
Fetch Result Response (Completed)
JSON
{
"success": true,
"service": "MyDisct Solver",
"message": "Captcha solved successfully",
"task": {
"id": "MyDisctSolver_abc123def456",
"status": "completed",
"result": {
"token": "P1_eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"timestamp": "2025-11-05T12:34:56.789Z"
}
}
}
Understanding the Response
The token field contains the hCaptcha response token. This token should be submitted
in the h-captcha-response field of your form or API request.
Implementation Guide
Step 1: Extract hCaptcha Site Key
First, find the hCaptcha site key from the page:
JavaScript
// Method 1: From iframe
function getHCaptchaSiteKey() {
const iframe = document.querySelector('iframe[src*="hcaptcha.com"]');
if (iframe) {
const src = iframe.src;
const match = src.match(/sitekey=([^&]+)/);
return match ? match[1] : null;
}
const hcaptchaDiv = document.querySelector('[data-sitekey]');
if (hcaptchaDiv) {
return hcaptchaDiv.getAttribute('data-sitekey');
}
const scripts = document.querySelectorAll('script');
for (const script of scripts) {
const match = script.textContent.match(/sitekey['"\s:]+([a-f0-9-]+)/i);
if (match) {
return match[1];
}
}
return null;
}
const siteKey = getHCaptchaSiteKey();
console.log('Site Key:', siteKey);
Step 2: Solve hCaptcha Token
JavaScript
async function solveHCaptchaToken(siteUrl, siteKey) {
const createResponse = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'HCAPTCHA_TOKEN',
metadata: { siteUrl, siteKey },
payload: {
userAgent: navigator.userAgent
}
}
})
});
const createData = await createResponse.json();
if (!createData.success) {
throw new Error(createData.error.message);
}
const taskId = createData.task.id;
while (true) {
await new Promise(resolve => setTimeout(resolve, 5000)); // Wait 5 seconds
const resultResponse = await fetch('https://solver-api.mydisct.com/fetchResult', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({ taskId })
});
const resultData = await resultResponse.json();
if (resultData.task.status === 'completed') {
return resultData.task.result.token;
} else if (resultData.task.status === 'failed') {
throw new Error('Token solving failed');
}
}
}
const token = await solveHCaptchaToken(
'https://example.com/login',
'a5f74b19-9e45-40e0-b45d-47ff91b7a6c2'
);
console.log('hCaptcha Token:', token);
Step 3: Submit Token with Form
JavaScript
// Method 1: Submit with form data
async function submitFormWithToken(token) {
const formData = new FormData();
formData.append('username', 'myusername');
formData.append('password', 'mypassword');
formData.append('h-captcha-response', token);
const response = await fetch('https://example.com/login', {
method: 'POST',
body: formData
});
return await response.json();
}
async function submitJsonWithToken(token) {
const response = await fetch('https://example.com/api/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: 'myusername',
password: 'mypassword',
'h-captcha-response': token
})
});
return await response.json();
}
function injectTokenIntoForm(token) {
let responseField = document.querySelector('[name="h-captcha-response"]');
if (!responseField) {
responseField = document.createElement('textarea');
responseField.name = 'h-captcha-response';
responseField.style.display = 'none';
document.querySelector('form').appendChild(responseField);
}
responseField.value = token;
document.querySelector('form').submit();
}
const token = await solveHCaptchaToken(siteUrl, siteKey);
await submitFormWithToken(token);
Python Example
Python
import requests
import time
def solve_hcaptcha_token(site_url, site_key, api_key):
"""
Solve hCaptcha token challenge
Args:
site_url: URL where captcha appears
site_key: hCaptcha site key
api_key: Your MyDisct Solver API key
Returns:
hCaptcha response token
"""
# Step 1: Create task
create_response = requests.post(
'https://solver-api.mydisct.com/createTask',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={
'auth': {'token': api_key},
'context': {'source': 'api', 'version': '1.0.0'},
'captcha': {
'type': 'HCAPTCHA_TOKEN',
'metadata': {
'siteUrl': site_url,
'siteKey': site_key
},
'payload': {}
}
}
)
create_data = create_response.json()
if not create_data['success']:
raise Exception(create_data['error']['message'])
task_id = create_data['task']['id']
print(f'Task created: {task_id}')
# Step 2: Poll for result
while True:
time.sleep(5) # Wait 5 seconds
result_response = requests.post(
'https://solver-api.mydisct.com/fetchResult',
headers={
'Content-Type': 'application/json',
'apikey': api_key
},
json={'taskId': task_id}
)
result_data = result_response.json()
if result_data['task']['status'] == 'completed':
return result_data['task']['result']['token']
elif result_data['task']['status'] == 'failed':
raise Exception('Token solving failed')
print('Waiting for solution...')
# Example usage
token = solve_hcaptcha_token(
site_url='https://example.com/login',
site_key='a5f74b19-9e45-40e0-b45d-47ff91b7a6c2',
api_key='YOUR_API_KEY'
)
print(f'hCaptcha Token: {token}')
# Submit with form
response = requests.post(
'https://example.com/login',
data={
'username': 'myusername',
'password': 'mypassword',
'h-captcha-response': token
}
)
print(f'Login response: {response.status_code}')
Enterprise hCaptcha
For Enterprise hCaptcha (with rqdata parameter), use the HCAPTCHA_ENTERPRISE_TOKEN type:
JavaScript
const response = await fetch('https://solver-api.mydisct.com/createTask', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'YOUR_API_KEY'
},
body: JSON.stringify({
auth: { token: 'YOUR_API_KEY' },
context: { source: 'api', version: '1.0.0' },
captcha: {
type: 'HCAPTCHA_ENTERPRISE_TOKEN',
metadata: {
siteUrl: 'https://discord.com/register',
siteKey: 'f5561ba9-8f1e-40ca-9b5b-a0b3f719ef34',
domain: 'discord.com' // Optional
},
payload: {
invisible: true,
rqdata: 'custom_rqdata_value', // Required for Enterprise
userAgent: navigator.userAgent // Recommended
}
}
})
});
Best Practices
Recommendations
- Always use the exact site URL where the captcha appears
- Include user agent for better success rates
- Poll every 5 seconds for token-based captchas (they take longer than image captchas)
- Cache tokens for a short period if making multiple requests
- Handle token expiration (tokens typically expire after 2 minutes)
- For Enterprise hCaptcha, always include rqdata parameter
Common Issues
Issue: Token rejected by website
Solution: Ensure you're using the correct site key and site URL. The URL must match exactly where the captcha is displayed.
Issue: Token expired
Solution: hCaptcha tokens expire after ~2 minutes. Request a new token if submission takes too long.
Issue: Enterprise hCaptcha not working
Solution: Make sure to use HCAPTCHA_ENTERPRISE_TOKEN type
and include the rqdata parameter.