Scrapingbypass cURL API Documentation

Overview

Scrapingbypass API provides a seamless solution to solve Cloudflare’s security measures, including WAF, JavaScript Challenges (5s shield), and Turnstile. By integrating our API, you can automate data collection from protected targets without being blocked.

This documentation covers the HTTPS API implementation. For advanced integration, refer to our SDKs or local proxy tools.

Endpoint Configuration

All requests must be routed through the primary API gateway using the HTTPS protocol.

  • API Endpoint: https://api.scrapingbypass.com

Required Request Headers

To authenticate and route your request, include the following custom headers:

HeaderDescription
x-cb-apikeyYour unique API key for authentication.
x-cb-hostThe target server hostname (e.g., for https://www.example.com/path, use www.example.com).
x-cb-proxySets the proxy server. V1 supports optional proxies; V2 requires a fixed or time-sensitive residential/ISP proxy.

Version Comparison & Session Management

V1: Stateless Requests

  • Behavior: Every request is independent and stateless.
  • Proxying: Uses default dynamic proxies unless a custom x-cb-proxy is specified.
  • Best Use: Simple bypass scenarios without complex JS challenges.

V2: Stateful Browser Impersonation

  • Behavior: Automatically handles JS challenges and browser fingerprinting.
  • Session Persistence: Once a challenge is solved, the session (cookies and clearance) is stored for 10 minutes.
  • Auto-Renewal: Successful subsequent requests automatically extend the session lifetime.
  • Isolation: Use the x-cb-part header to define session partitions, allowing you to manage multiple isolated browser contexts simultaneously.

Implementation Guide

Basic V1 Request (Stateless)

curl --request GET 'https://api.scrapingbypass.com/path' \
--header 'x-cb-apikey: YOUR_API_KEY' \
--header 'x-cb-host: www.example.com' \
--header 'x-cb-proxy: http://user:pass@proxy_ip:port'

Advanced V2 Request (Stateful/Challenge Solving)

To solve JS challenges, you must use V2 logic by ensuring your proxy remains consistent and utilizing session partitions if needed.

curl --request POST 'https://api.scrapingbypass.com/login' \
--header 'x-cb-apikey: YOUR_API_KEY' \
--header 'x-cb-host: www.example.com' \
--header 'x-cb-proxy: http://user:pass@fixed_proxy_ip:port' \
--header 'x-cb-part: 0' \
--header 'Content-Type: application/json' \
--data-raw '{"username": "admin", "password": "password"}'

Critical Requirement

Scrapingbypass API V2 requires a stable x-cb-proxy to maintain the integrity of the TLS/JA3 fingerprint. Changing the proxy during an active 10-minute session will result in session invalidation and a 403 Forbidden response from the target WAF.