Akamai Bot Manager

Akamai Bot Manager is one of the most widely deployed enterprise bot protection systems. It works through JavaScript sensor data collection, behavioral analysis, and challenge cookies. uCaptcha supports all three Akamai challenge variants.

Supported Types

Type	Description
AkamaiToken	Generates _abck sensor data for Akamai Bot Manager. The primary challenge type used across most Akamai-protected pages.
AkamaiSecCptToken	Solves the Akamai sec_cpt challenge. Triggered when Bot Manager requires additional verification.
AkamaiSbsdToken	Generates sbsd / bm_sc cookie values used by Akamai’s server-side bot detection.

Parameters

Parameter	Type	Required	Description
type	string	Yes	AkamaiToken, AkamaiSecCptToken, or AkamaiSbsdToken
websiteURL	string	Yes	The URL of the Akamai-protected page
proxy	string	No	Proxy in http://user:pass@host:port format

Note

Akamai tasks are routed exclusively through the RiskByPass provider. A proxy is strongly recommended for sites that validate the sensor data against the originating IP.

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "AkamaiToken",
    "websiteURL": "https://example.com/protected-page",
    "proxy": "http://user:pass@1.2.3.4:8080"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "sensor_data=abc123..."
}

Field	Type	Description
token	string	The Akamai challenge token. For AkamaiToken, this is the _abck sensor data string. For AkamaiSecCptToken, a sec_cpt verification token. For AkamaiSbsdToken, the sbsd or bm_sc cookie value.

How to Use

AkamaiToken (_abck)

1. When Akamai’s JavaScript challenge fires, capture the challenge parameters from the page.
2. Submit a task with websiteURL and your proxy.
3. Use the returned sensor data as the _abck cookie value on subsequent requests to the protected endpoint.

AkamaiSecCptToken

1. When you receive a sec_cpt challenge response (HTTP 429 or redirect to a challenge page), extract the challenge URL.
2. Submit the task with the challenge URL as websiteURL.
3. Include the returned token in the sec_cpt cookie or header on the retry request.

AkamaiSbsdToken

1. When a server-side sbsd / bm_sc cookie is required, submit the task.
2. Set the returned value as the appropriate cookie (sbsd or bm_sc) on the target domain.

Caution

Akamai sensor data is bound to the originating IP and User-Agent. Always use the same proxy for both the task submission and subsequent requests that use the resulting token.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "AkamaiToken",
        "websiteURL": "https://example.com/protected-page",
        "proxy": "http://user:pass@1.2.3.4:8080"
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        token = result["solution"]["token"]
        print("Token:", token)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "AkamaiToken",
      websiteURL: "https://example.com/protected-page",
      proxy: "http://user:pass@1.2.3.4:8080"
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("Token:", result.solution.token);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "AkamaiToken",
      "websiteURL": "https://example.com/protected-page"
    }
  }'

Provider Coverage

• RiskByPass

RiskByPass API

If you are using the RiskByPass compatibility layer, the equivalent task_type values are:

uCaptcha Type	RiskByPass task_type
AkamaiToken	akamai
AkamaiSecCptToken	sec_cpt
AkamaiSbsdToken	sbsd