Captcha Types
Kasada
Kasada BotManager - anti-bot protection using JavaScript challenges and sensor data.
Kasada protects sites by serving a JavaScript challenge (PJS) that collects sensor data
and bot-detection telemetry. The solver handles the challenge and returns the required
headers (x-kpsdk-cd, x-kpsdk-ct, x-kpsdk-st, x-kpsdk-r, x-kpsdk-cr).
| Type string | When to use |
|---|---|
Kasada | Standard Kasada-protected endpoint |
KasadaCustom | Kasada with custom configuration or specific version pinning |
Data fields
| Field | Required | Description |
|---|---|---|
pjs | Yes | The Kasada PJS (Primary JavaScript) URL or content. Found in the x-kpsdk-v header or as a <script src="..."> on the page. |
endpoint | No | The specific API endpoint URL to solve against (e.g. https://example.com/api/1.0/some-endpoint). Defaults to site_url if omitted. |
kasada_version | No | Override for the x-kpsdk-v version string (e.g. j-1.2.139). Auto-detected if omitted. |
Solution fields
| Field | Description |
|---|---|
solution.x-kpsdk-cd | Challenge data header — pass this in subsequent requests. |
solution.x-kpsdk-ct | Client timestamp header. |
solution.x-kpsdk-st | Session token header. |
solution.x-kpsdk-r | Response header. |
solution.x-kpsdk-cr | Challenge response header. |
solution.user-agent | The user-agent used during solving — must match for header validation. |
Example
{
"api_key": "YOUR_API_KEY",
"type": "Kasada",
"site_url": "https://example.com/api/data",
"proxy": "user:pass@host:port",
"data": {
"pjs": "https://example.com/149e9513-01fa-4fb0-aad4-566afd725d12/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js",
}
}{
"errorId": 0,
"status": "ready",
"solvtime": 3.42,
"data": {
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...",
"language": "en-US,en;q=0.9",
"solution": {
"x-kpsdk-cd": "eyAgImlzQm90IjogZmFsc2U...",
"x-kpsdk-ct": "0a5b8c3d...",
"x-kpsdk-st": "1697234567890",
"x-kpsdk-r": "eyJsYW5ndWFnZSI6ImVu...",
"x-kpsdk-cr": "eyJob3N0bmFtZSI6..."
}
}
}How to identify Kasada
- Open DevTools — Network tab and look for requests that include
x-kpsdk-cd,x-kpsdk-ct, orx-kpsdk-stresponse headers. - Search the page source for
/p.jsor the characteristic Kasada script path pattern:/<uuid>/<uuid>/p.js - The script URL contains the PJS endpoint — use it in the
pjsfield.
Using the solution headers
After solving, include the returned headers in your subsequent requests to the protected endpoint:
x-kpsdk-cd: <from solution>
x-kpsdk-ct: <from solution>
x-kpsdk-st: <from solution>
x-kpsdk-r: <from solution>
x-kpsdk-cr: <from solution>The user-agent from the solution must also be used in your requests, as Kasada
binds the headers to the specific user-agent fingerprint.