Overview
Scrapingbypass API enables seamless bypass of Cloudflare’s security suite, including WAF, Turnstile, and JavaScript Challenges. This document outlines the technical implementation for the HTTP API and SDK, focusing on endpoint configuration, required headers, and session management.
Endpoint Configuration
The API utilizes the HTTPS protocol and supports all standard HTTP methods. To route traffic through the service, replace the target host with the Scrapingbypass API base URL:
- API Gateway:
https://api.scrapingbypass.com
Mandatory Request Headers
To authenticate and route your requests, the following headers must be included:
| Header | Description |
|---|---|
x-cb-apikey | Your unique API authentication key. |
x-cb-host | The target server’s hostname or IP (e.g., www.example.com). |
x-cb-proxy | The proxy server string. (Required for V2; optional for V1). |
Version Comparison & Session Logic
V1 API: Stateless Requests
- Proxying: Utilizes a default dynamic proxy pool. Custom proxies can be specified via
x-cb-proxy. - State: Every request is independent and stateless.
- Use Case: Suitable for basic scraping where session persistence is not required.
V2 API: Challenge Handling & Session Persistence
- Proxying: Requires a static or time-limited residential ISP proxy. Use the same proxy string to maintain the session.
- Challenge Solving: Automatically detects and solves Cloudflare JS challenges.
- Session Management: Once a challenge is solved, the backend persists the Cloudflare session for 10 minutes. Subsequent requests within this window automatically reuse the validated session state and extend the TTL upon success.
- Isolation: Use the
x-cb-partparameter to create session partitions, allowing you to manage multiple isolated browser contexts simultaneously.
Implementation Example (Python)
import requests
# API Configuration
api_url = "https://api.scrapingbypass.com/v2/target-path"
headers = {
"x-cb-apikey": "YOUR_API_KEY",
"x-cb-host": "www.example.com",
"x-cb-proxy": "http://user:pass@proxy_host:port", # Required for V2
"Content-Type": "application/json"
}
# Optional: Session Partitioning
params = {
"part": "session_01"
}
response = requests.get(api_url, headers=headers, params=params)
print(f"Status Code: {response.status_code}")
print(f"Response Body: {response.text}")
Implementation Note
For high-concurrency environments using V2, ensure your
x-cb-proxyremains consistent for eachpartID to leverage session persistence and avoid redundant credit consumption for JS challenges.