Skip to main content

Data

url
string
required
The URL of the page where the WAF challenge is located.Example: https://mune.rs/
URL must include a path. For example, https://mune.rs is invalid—use https://mune.rs/ instead.
user_agent
string
The User-Agent we must use for the requests.
Defaults to: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
We support:
  • Chrome (Windows, macOS, Linux, iOS & Android)
  • Firefox (Windows, macOS, Linux, iOS & Android)
  • Safari (macOS, iOS) // Tested only on Safari 26
html
string
The HTML body of the challenge you’ve encountered.
If this is not sent, API will automatically try to retrieve the challenge from the URL.
The response you send us must have the header Cf-Mitigated: challenge.
proxy
string
required
Proxy to use for solving the challenge.Format: <http|socks5>://[username:password@]host[:port]Example: http://user:pass@192.168.1.1:8080

Data Example

{
  "url": "https://mune.rs/",
  "html": "<html>...</html>", // optional
  "proxy": "http://user:pass@192.168.1.1:8080"
}

Solution Parameters

clearance
string
required
The WAF clearance cookie value.Cookie name: cf_clearance
cf_bm
string
An optional Cloudflare bot management cookie value.Cookie name: __cf_bm
headers
object
required
HTTP headers used during the solve process. You must use these exact headers for your subsequent requests.Includes: user-agent, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform
response
object
required
Response from the URL you sent with solved cookies.Example:
{
  "status_code": 200,
  "url": "current_url", // URL after redirects
  "headers": { },
  "base64_body": "..."
}

Solution Example

{
  "clearance": "abc123...",
  "cf_bm": "xyz789...",
  "headers": {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
    "sec-ch-ua": "\"Google Chrome\";v=\"137\", \"Chromium\";v=\"137\", \"Not/A)Brand\";v=\"24\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
  },
  "response": {
    "status_code": 200,
    "headers": {
      "content-type": "text/html;charset=utf-8"
    },
    "base64_body": "...",
    "url": "https:/mune.rs/"
  }
}
Using a different IP from the one you used to solve will invalidate the clearance.
Always use the exact headers returned in the solution. Mismatched headers (especially user-agent) will invalidate the clearance.