Skip to main content

Data

url
string
required
The URL of the page where the WAF challenge is located.Example: https://mune.rs/
URL must include a path. For example, https://mune.rs is invalid—use https://mune.rs/ instead.
user_agent
string
The User-Agent we must use for the requests.
Defaults to: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
We support:
  • Chrome (Windows, macOS, Linux, iOS & Android)
  • Firefox (Windows, macOS, Linux, iOS & Android)
  • Safari (macOS, iOS) // Tested only on Safari 26
html
string
The HTML body of the challenge you’ve encountered.
If this is not sent, API will automatically try to retrieve the challenge from the URL.
The response you send us must have the header Cf-Mitigated: challenge.
proxy
string
required
Proxy to use for solving the challenge.Format: <http|socks5>://[username:password@]host[:port]Example: http://user:pass@192.168.1.1:8080

Data Example

{
  "url": "https://mune.rs/",
  "html": "<html>...</html>", // optional
  "proxy": "http://user:pass@192.168.1.1:8080"
}

Solution Parameters

clearance
string
required
The WAF clearance cookie value.Cookie name: cf_clearance
cf_bm
string
An optional Cloudflare bot management cookie value.Cookie name: __cf_bm
cf_rt
string
required
A token that must be appended to the Referer header as a query parameter on your first request.Query parameter: __cf_chl_tkExamples:
Original refererModified referer
https://mune.rs/https://mune.rs/?__cf_chl_tk=<cf_rt>
https://mune.rs/?a=bhttps://mune.rs/?a=b&__cf_chl_tk=<cf_rt>
Not always required, but usually enforced on high-security sites.
attributes
object
required
Key-value pairs that must be submitted (POST request) as the body of your first request.Content-Type: application/x-www-form-urlencoded
Not always required, but usually enforced on high-security sites.
headers
object
required
HTTP headers used during the solve process. You must use these exact headers for your subsequent requests.Includes: user-agent, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform

Solution Example

{
  "clearance": "abc123...",
  "cf_bm": "xyz789...",
  "cf_rt": "token123...",
  "attributes": {
    "a": "value1",
    "b": "value2",
    "c": "value3"
  },
  "headers": {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
    "sec-ch-ua": "\"Google Chrome\";v=\"137\", \"Chromium\";v=\"137\", \"Not/A)Brand\";v=\"24\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
  }
}
Using a different IP from the one you used to solve will invalidate the clearance.
Always use the exact headers returned in the solution. Mismatched headers (especially user-agent) will invalidate the clearance.