Cloudflare Challenge

Cloudflare Challenge pages (also known as “Checking your browser” or “Just a moment” interstitials) are JavaScript-based challenges that Cloudflare deploys to verify visitors before granting access to a protected website. These challenges are among the most common anti-bot measures on the web and require a specialized solver that can execute the Cloudflare JavaScript environment and return valid clearance cookies.

Supported Types

Type	Proxy Required	Description
CloudflareChallengeToken	Yes	Solves the challenge using your proxy. Use when the target site enforces IP matching between challenge clearance and subsequent requests.
CloudflareChallengeTokenProxyLess	No	Solves the challenge without a proxy. Recommended for most use cases.

Parameters

Parameter	Type	Required	Description
type	string	Yes	CloudflareChallengeToken or CloudflareChallengeTokenProxyLess
websiteURL	string	Yes	The full URL of the page protected by the Cloudflare challenge
metadata	object	No	Additional metadata for the challenge. Provider-specific; consult provider docs for supported fields.

Proxy Parameters

Required when using the CloudflareChallengeToken type:

Parameter	Type	Required	Description
proxyType	string	Yes	http, socks4, or socks5
proxyAddress	string	Yes	Proxy IP or hostname
proxyPort	integer	Yes	Proxy port
proxyLogin	string	No	Proxy username
proxyPassword	string	No	Proxy password

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "CloudflareChallengeTokenProxyLess",
    "websiteURL": "https://example.com/protected-page"
  }
}

With proxy:

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "CloudflareChallengeToken",
    "websiteURL": "https://example.com/protected-page",
    "proxyType": "http",
    "proxyAddress": "1.2.3.4",
    "proxyPort": 8080,
    "proxyLogin": "user",
    "proxyPassword": "pass"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "0.AbiG9...",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...",
  "cookies": {
    "cf_clearance": "HOn0M2Z..."
  }
}

Field	Type	Description
token	string	The Cloudflare challenge token
userAgent	string	The User-Agent string used during solving. You must use this exact User-Agent in subsequent requests.
cookies	object	Cookie key-value pairs that must be set in your browser or HTTP client
cookies.cf_clearance	string	The cf_clearance cookie that grants access past the challenge

How to Use

1. Submit the task and poll for the solution.
2. Set the cf_clearance cookie in your browser or HTTP client for the target domain.
3. Set the User-Agent header to the exact value returned in solution.userAgent.
4. Make your request to the protected URL. The Cloudflare challenge will be bypassed.

Caution

The cf_clearance cookie is bound to the User-Agent string. If you use a different User-Agent than the one returned in the solution, Cloudflare will reject the cookie and present the challenge again.

Note

Cloudflare clearance cookies have a limited lifespan (typically 15-30 minutes). Plan your workflow to request a new solution before the cookie expires.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "CloudflareChallengeTokenProxyLess",
        "websiteURL": "https://example.com/protected-page"
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        solution = result["solution"]
        print("cf_clearance:", solution["cookies"]["cf_clearance"])
        print("User-Agent:", solution["userAgent"])

        # Use the solution to access the protected page
        session = requests.Session()
        session.cookies.set("cf_clearance", solution["cookies"]["cf_clearance"], domain="example.com")
        session.headers.update({"User-Agent": solution["userAgent"]})
        page = session.get("https://example.com/protected-page")
        print("Status:", page.status_code)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "CloudflareChallengeTokenProxyLess",
      websiteURL: "https://example.com/protected-page"
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("cf_clearance:", result.solution.cookies.cf_clearance);
    console.log("User-Agent:", result.solution.userAgent);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

# Create the task
curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "CloudflareChallengeTokenProxyLess",
      "websiteURL": "https://example.com/protected-page"
    }
  }'

# Poll for the result (replace TASK_ID with the returned taskId)
curl -X POST https://api.ucaptcha.net/getTaskResult \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID"
  }'

Provider Coverage

• 2Captcha
• CapSolver
• CapMonster
• RiskByPass

Aliases

The following backward-compatible type names are also accepted:

Alias	Maps To
AntiCloudflareTask	CloudflareChallengeTokenProxyLess