Overview
Scrapingbypass API provides a seamless solution to solve Cloudflare’s security measures, including WAF, JavaScript Challenges (5s shield), and Turnstile. By integrating our API, you can automate data collection from protected targets without being blocked.
This documentation covers the HTTPS API implementation. For advanced integration, refer to our SDKs or local proxy tools.
Endpoint Configuration
All requests must be routed through the primary API gateway using the HTTPS protocol.
- API Endpoint:
https://api.scrapingbypass.com
Required Request Headers
To authenticate and route your request, include the following custom headers:
| Header | Description |
|---|---|
x-cb-apikey | Your unique API key for authentication. |
x-cb-host | The target server hostname (e.g., for https://www.example.com/path, use www.example.com). |
x-cb-proxy | Sets the proxy server. V1 supports optional proxies; V2 requires a fixed or time-sensitive residential/ISP proxy. |
Version Comparison & Session Management
V1: Stateless Requests
- Behavior: Every request is independent and stateless.
- Proxying: Uses default dynamic proxies unless a custom
x-cb-proxyis specified. - Best Use: Simple bypass scenarios without complex JS challenges.
V2: Stateful Browser Impersonation
- Behavior: Automatically handles JS challenges and browser fingerprinting.
- Session Persistence: Once a challenge is solved, the session (cookies and clearance) is stored for 10 minutes.
- Auto-Renewal: Successful subsequent requests automatically extend the session lifetime.
- Isolation: Use the
x-cb-partheader to define session partitions, allowing you to manage multiple isolated browser contexts simultaneously.
Implementation Guide
Basic V1 Request (Stateless)
curl --request GET 'https://api.scrapingbypass.com/path' \
--header 'x-cb-apikey: YOUR_API_KEY' \
--header 'x-cb-host: www.example.com' \
--header 'x-cb-proxy: http://user:pass@proxy_ip:port'
Advanced V2 Request (Stateful/Challenge Solving)
To solve JS challenges, you must use V2 logic by ensuring your proxy remains consistent and utilizing session partitions if needed.
curl --request POST 'https://api.scrapingbypass.com/login' \
--header 'x-cb-apikey: YOUR_API_KEY' \
--header 'x-cb-host: www.example.com' \
--header 'x-cb-proxy: http://user:pass@fixed_proxy_ip:port' \
--header 'x-cb-part: 0' \
--header 'Content-Type: application/json' \
--data-raw '{"username": "admin", "password": "password"}'
Critical Requirement
Scrapingbypass API V2 requires a stable
x-cb-proxyto maintain the integrity of the TLS/JA3 fingerprint. Changing the proxy during an active 10-minute session will result in session invalidation and a 403 Forbidden response from the target WAF.