# Getting started

If you're already familiar with Kasada and wish to implement the API handling yourself, you can skip this and head directly to the [API Reference](https://docs.hypersolutions.co/api-reference/kasada).

{% hint style="info" %}
As with any other antibot, make sure you use a working TLS client that mimics the latest version of Google Chrome, match the headers and header-order 1:1 with browser and make sure you are using an up-to-date User-Agent.
{% endhint %}

### Understanding Kasada Flows

Kasada can be implemented in two different ways depending on the website. It's important to identify which flow you're dealing with:

#### Flow 1: Initial Block Page (429 on Homepage)

Some sites, like Hyatt.com, serve a Kasada challenge immediately when you first access the website. You'll receive a **429 status code** with an HTML block page containing a reference to the `ips.js` script.

**Identifying characteristics:**

* First GET request to the website returns 429 status code
* Response body contains: `<script src="/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/ips.js?..."></script>`
* You must solve the challenge before accessing any content on the site

**When to use this flow:**

* Site blocks you immediately on homepage access
* You see 429 status code with Kasada script reference
* Site reloads after posting `/tl`

[Read the detailed guide →](https://docs.hypersolutions.co/k4sada/flow-1-initial-block-page)

#### Flow 2: Fingerprint Endpoint (/fp)

Most sites implement Kasada by having the browser make a request to the `/fp` (fingerprint) endpoint in the background. This is the standard Kasada implementation.

**Identifying characteristics:**

* Browser makes GET request to `/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/fp`
* This request returns 429 with the `ips.js` script reference
* You can often access the site initially, but need to solve Kasada for protected endpoints
* May require `x-kpsdk-cd` header on subsequent requests

**When to use this flow:**

* You can access the homepage but get challenged on specific endpoints
* Browser makes background request to `/fp` endpoint
* You need to maintain `x-kpsdk-ct` token for ongoing requests

[Read the detailed guide →](https://docs.hypersolutions.co/k4sada/flow-2-fingerprint-endpoint)

### Next Steps

Choose the appropriate flow based on what you observe:

* **Getting 429 immediately on homepage?** → [Flow 1: Initial Block Page](https://docs.hypersolutions.co/k4sada/flow-1-initial-block-page)
* **Browser making /fp requests?** → [Flow 2: Fingerprint Endpoint](https://docs.hypersolutions.co/k4sada/flow-2-fingerprint-endpoint)

Both flows share the same core process of fetching the script, generating a payload, and posting to `/tl`. The main difference is when and where the challenge is triggered.

### Complete Example

For a full working implementation with proper TLS client setup, header ordering, and cookie handling, see our examples repository:

{% embed url="<https://github.com/Hyper-Solutions/hypersolutions-examples>" %}