Imperva (Incapsula)

Imperva (formerly Incapsula) is an enterprise-grade web application security platform that provides bot management, DDoS protection, and web application firewalling. When Imperva detects suspicious traffic, it presents a JavaScript challenge or CAPTCHA interstitial that must be solved before granting access to the protected resource. Solving the challenge returns a verification token that allows bypass of the protection layer.

Supported Types

Type	Proxy Required	Description
ImpervaToken	Yes	Solves the challenge using your proxy. Use when the target site performs IP-based session validation.
ImpervaTokenProxyLess	No	Solves the challenge without a proxy. Recommended for most use cases.

Parameters

Parameter	Type	Required	Description
type	string	Yes	ImpervaToken or ImpervaTokenProxyLess
websiteURL	string	Yes	The URL of the page protected by Imperva
websiteKey	string	Yes	The site key or resource identifier found in the Imperva challenge page source

Proxy Parameters

Required when using the ImpervaToken type:

Parameter	Type	Required	Description
proxyType	string	Yes	http, socks4, or socks5
proxyAddress	string	Yes	Proxy IP or hostname
proxyPort	integer	Yes	Proxy port
proxyLogin	string	No	Proxy username
proxyPassword	string	No	Proxy password

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "ImpervaTokenProxyLess",
    "websiteURL": "https://example.com/protected-page",
    "websiteKey": "Gv7el56n8M_NHkKvA..."
  }
}

With proxy:

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "ImpervaToken",
    "websiteURL": "https://example.com/protected-page",
    "websiteKey": "Gv7el56n8M_NHkKvA...",
    "proxyType": "http",
    "proxyAddress": "1.2.3.4",
    "proxyPort": 8080,
    "proxyLogin": "user",
    "proxyPassword": "pass"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "swp_xYz123AbC..."
}

Field	Type	Description
token	string	The Imperva verification token. Depending on the implementation, this may be a cookie value or a JavaScript token to inject into the page.

How to Use

1. When you encounter an Imperva challenge page, identify the site key from the page source. Look for Incapsula/Imperva-specific script tags or configuration objects.
2. Submit the task and poll for the solution.
3. Use the returned token according to the target site’s implementation:
   • As a cookie: Set the Imperva session cookies (e.g., incap_ses_*, visid_incap_*) in your HTTP client.
   • As a token: Inject the token into the page’s JavaScript context or include it in subsequent request headers.
4. Retry your original request with the token applied.

Caution

Imperva protections are highly session-sensitive. The token is typically bound to your IP address and User-Agent. Ensure you use the same IP (or proxy) and User-Agent for both the challenge solution and subsequent requests.

Note

Imperva challenge pages can vary significantly between implementations. Some sites use JavaScript-only challenges while others present visual CAPTCHAs. The solver handles both variants transparently.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "ImpervaTokenProxyLess",
        "websiteURL": "https://example.com/protected-page",
        "websiteKey": "Gv7el56n8M_NHkKvA..."
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        token = result["solution"]["token"]
        print("Solution:", token)

        # Use the token to access the protected page
        session = requests.Session()
        session.headers.update({
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
        })
        # Apply the token as needed (implementation-dependent)
        page = session.get("https://example.com/protected-page")
        print("Status:", page.status_code)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "ImpervaTokenProxyLess",
      websiteURL: "https://example.com/protected-page",
      websiteKey: "Gv7el56n8M_NHkKvA..."
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("Solution:", result.solution.token);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

# Create the task
curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "ImpervaTokenProxyLess",
      "websiteURL": "https://example.com/protected-page",
      "websiteKey": "Gv7el56n8M_NHkKvA..."
    }
  }'

# Poll for the result (replace TASK_ID with the returned taskId)
curl -X POST https://api.ucaptcha.net/getTaskResult \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID"
  }'

Provider Coverage

• CapMonster
• RiskByPass

Aliases

The following backward-compatible type names are also accepted:

Alias	Maps To
CustomTask:Incapsula	ImpervaTokenProxyLess