Akamai
This API generates human-like data based on the most recent chrome browser version on Windows. It is recommended to match the latest TLS and UserAgent of the newest chrome version when using this API on a site.
The latest chrome useragents can be found here. It is perfectly fine to use only one useragent for all your requests.
Note that all request payloads to this API should be sent as application/json.
It is advised to use one of the sdks that were written for this API. Feel free to contact me about them.
Generate sensor data
Generates sensor data that should be posted in order to acquire valid "_abck" cookies
The Content-Type of the request body
Your API key for authentication
The "_abck" cookie to generate sensor data with. This should be obtained from your cookie jar. The cookie for the first request should be from doing a GET request to the script endpoint.
The "bm_sz" cookie to generate sensor data with.
The page URL to insert into the generated sensor data. This should be the URL of the page you're currently on, like a product page, login page or home page.
The Akamai version that the site is on. Supported values are "2" and "3". When using v3 dynamic, set this value to "3".
The userAgent that you're using for the entire session
Script contents as string. Mutually exclusive with context. Should only be sent on first sensor request.
The script URL that you are posting sensor data to.
The IP that is used to post the sensor data to the target site. You can use /ip to get the IP from a connection. If you are not using proxies, this will be the IPv4 or IPv6 address of your pc.
Your accept-language header.
Leave empty for first sensor, update with context string from response for later sensors.
OK Sensor data successfully generated
Bad Request Error occurred
Forbidden Authentication error
{
"payload": "text",
"context": "text"
}Sbsd
Sbsd is a new challenge meant to block scrapings from accessing HTML. You will find it with a blocking page that looks like this:
<html>
<head>
<script type="text/javascript" src="https://example.com/assets/33eb14c569f53cae79b60dac7ccf7fcaf0012483407" async ></script><script src="/.well-known/sbsd?v=7ac10a5c-7a4e-fddd-611f-39dcf23f1722&t=99543528"></script>
<script>
(function() {
var proxied = window.XMLHttpRequest.prototype.send;
window.XMLHttpRequest.prototype.send = function() {
var pointer = this
var intervalId = window.setInterval(function(){
if (pointer.readyState != 4){
return;
}
location.reload(true)
clearInterval(intervalId);
}, 1);
return proxied.apply(this, [].slice.call(arguments));
};
})();
</script>
</head>
<body>
</body>
</html>It is important to parse the UUID, this can be done with the following regex:
v=(.*?)&After parsing the UUID you can make a request to my API with the following API Reference:
Generates sbsd payload that should be posted in order to get around sbsd page
The Content-Type of the request body
Your API key for authentication
Always set to 0 when solving sbsd challenge with t parameter. Otherwise start from 0 and keep incrementing. On some sites, posting 2 sbsd sensors gives much better success rates.
This should be the URL of the page you're currently on, like a product page, login page or home page. It's also the referer on the sbsd post request in browser.
The uuid of the sbsd challenge (https://example.com/.well-known/sbsd?v=dcc78710-14fe-3835-cc6e-b9b5ea3b6010). uuid is dcc78710-14fe-3835-cc6e-b9b5ea3b6010 on this url.
The userAgent that you're using for the entire session
The "sbsd_o" cookie value, if "sbsd_o" is not present, use the cookie value from "bm_so".
The script body as a string.
Your accept-language header.
The IP that is used to post the sensor data to the target site. You can use /ip to get the IP from a connection. If you are not using proxies, this will be the IPv4 or IPv6 address of your pc.
OK Sbsd payload successfully generated
Bad Request Error occurred
Forbidden Authentication error
{
"payload": "text"
}You can then post the payload string to the following endpoint:
https://example.com/.well-known/sbsdMaking a new GET request to the same page (make sure that cookies are included in this request) it will show you the full HTML.
Pixel
Pixel is not required by most sites. Please discuss with support first if you think the site requires it. Your site having the pixel script does not mean it has pixel enforced.
Generate pixel payload
Generates a pixel payload to use to obtain a "ak_bmsc" cookie. Note that the payload returned is already url-encoded.
The Content-Type of the request body
Your API key for authentication
The bazadebezolkohpepadr value.
The u value that gets sent in the payload. It's hidden somewhere in the first array in the pixel script.
The userAgent that you're using for your whole session.
Your accept-language header.
The IP that is used to post the sensor data to the target site. You can use /ip to get the IP from a connection. If you are not using proxies, this will be the IPv4 or IPv6 address of your pc.
OK Pixel payload successfully generated
Bad Request Error occurred
Forbidden Authentication error
{
"payload": "text"
}Last updated