Kasada

Tip: Use one of the SDKs below instead of directly calling the API.

Since the request body of the requests will be large, it is highly recommended to apply compression to your request body first. We support the following compression methods: "gzip", "br" and "deflate".

Don't forget to set the content-encoding header. More info here: Compression

Generate challenge token (ct)

Generate Kasada payload

post

Generates a payload to be used in the /tl POST request

Header parameters

Content-Typestring · enumRequired

The Content-Type of the request body

Possible values:

x-api-keystringRequired

Your API key for authentication

Body

userAgentstringRequired

The User-Agent string of the browser

scriptstringRequired

The script content as a string.

ipsLinkstringRequired

The IPS link obtained from the Kasada block page

acceptLanguagestringRequired

Your accept-language header.

ipstringRequired

The IP that is used to post the sensor data to the target site. You can use /ip to get the IP from a connection. If you are not using proxies, this will be the IPv4 or IPv6 address of your pc.

Responses

200

OK Payload successfully generated

application/json

payloadstringOptional

The generated Kasada protection payload

400

Bad Request Error occurred

application/json

403

Forbidden Authentication error

application/json

{
  "headers": {
    "x-kpsdk-ct": "text",
    "x-kpsdk-dt": "text",
    "x-kpsdk-v": "text",
    "x-kpsdk-r": "text",
    "x-kpsdk-dv": "text",
    "x-kpsdk-h": "text",
    "x-kpsdk-fc": "text",
    "x-kpsdk-im": "text"
  },
  "payload": "text"
}

Generate challenge data (cd)

Get challenge POW

post

Retrieves a challenge POW (x-kpsdk-cd)

Header parameters

Content-Typestring · enumRequired

The Content-Type of the request body

Possible values:

x-api-keystringRequired

Your API key for authentication

Body

stintegerRequired

Timestamp retrieved from the x-kpsdk-st response header of the /tl request

ctstringRequired

Value retrieved from the x-kpsdk-ct response header of the /tl request

workTimeintegerOptional

Custom workTime value if you are generating POWs in advance

fcstringOptional

Only used on specific sites. Inquire if your site makes a GET request to /mfc.

domainstringRequired

The domain of the p.js url

Responses

200

OK POW successfully generated

application/json

payloadstringOptional

The cd value

400

Bad Request Error occurred

application/json

403

Forbidden Authentication error

application/json

{
  "payload": "text"
}

Generate Vercel BotID (x-is-human)

Generate x-is-human header

post

Generates a x-is-human header to be used on endpoints protected by Vercel BotID

Header parameters

Content-Typestring · enumRequired

The Content-Type of the request body

Possible values:

x-api-keystringRequired

Your API key for authentication

Body

userAgentstringRequired

The User-Agent string of the browser

scriptstringRequired

The script content as a string.

acceptLanguagestringRequired

Your accept-language header.

ipstringRequired

The IP that is used to interact with the target site. You can use /ip to get the IP from a connection. If you are not using proxies, this will be the IPv4 or IPv6 address of your pc.

Responses

200

OK Payload successfully generated

application/json

payloadstringOptional

The generated x-is-human header value

400

Bad Request Error occurred

application/json

403

Forbidden Authentication error

application/json

{
  "payload": "text"
}

PreviousDataDome NextTLS Fingerprinting

Last updated 2 months ago

hashtagGenerate challenge token (ct)

hashtagGenerate Kasada payload

hashtagGenerate challenge data (cd)

hashtagGet challenge POW

hashtagGenerate Vercel BotID (x-is-human)

hashtagGenerate x-is-human header

Generate challenge token (ct)

Generate Kasada payload

Generate challenge data (cd)

Get challenge POW

Generate Vercel BotID (x-is-human)

Generate x-is-human header