Kasada

Kasada is an enterprise bot detection platform used by high-demand ticketing platforms, sneaker retailers, and gaming marketplaces. It analyzes browser fingerprints and behavioral signals at the JavaScript level, producing challenge tokens that must be solved before accessing protected endpoints.

Supported Types

Type	Description
KasadaToken	Solves the Kasada ct cookie challenge. Used for most Kasada-protected pages.
KasadaCdToken	Solves the Kasada cd challenge. Used for Kasada’s content delivery challenge variant.
KasadaTlPayloadToken	Generates a Kasada TL (Traffic Layer) payload. Required for protected API endpoints.

Parameters

Parameter	Type	Required	Description
type	string	Yes	KasadaToken, KasadaCdToken, or KasadaTlPayloadToken
websiteURL	string	Yes	The URL of the Kasada-protected page or API endpoint
proxy	string	No	Proxy in http://user:pass@host:port format. Recommended for IP-sensitive targets.

Note

Kasada tasks are routed exclusively through the RiskByPass provider, which specializes in enterprise WAF bypass. Proxy parameters are passed directly to the solver.

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "KasadaToken",
    "websiteURL": "https://example.com/api/checkout"
  }
}

With proxy:

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "KasadaToken",
    "websiteURL": "https://example.com/api/checkout",
    "proxy": "http://user:pass@1.2.3.4:8080"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "ct=abc123xyz..."
}

Field	Type	Description
token	string	The Kasada challenge token. The format varies by type: a ct=... cookie for KasadaToken, a cd payload for KasadaCdToken, or a TL payload string for KasadaTlPayloadToken.

How to Use

1. Identify which Kasada challenge variant the target site uses by inspecting network requests.
2. For KasadaToken: set the returned ct value as a cookie on the target domain and retry the request.
3. For KasadaCdToken: include the token in the appropriate request header or cookie as required by the target site.
4. For KasadaTlPayloadToken: include the TL payload in the request body or headers of the protected API call.

Caution

Kasada tokens are session-bound and short-lived. Use the token immediately after receiving it. Reuse the same IP address (or proxy) for subsequent requests that depend on the token.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "KasadaToken",
        "websiteURL": "https://example.com/api/checkout",
        "proxy": "http://user:pass@1.2.3.4:8080"
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        token = result["solution"]["token"]
        print("Token:", token)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "KasadaToken",
      websiteURL: "https://example.com/api/checkout",
      proxy: "http://user:pass@1.2.3.4:8080"
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("Token:", result.solution.token);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

# Create the task
curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "KasadaToken",
      "websiteURL": "https://example.com/api/checkout"
    }
  }'

# Poll for the result
curl -X POST https://api.ucaptcha.net/getTaskResult \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "taskId": "TASK_ID"
  }'

Provider Coverage

• RiskByPass

RiskByPass API

If you are using the RiskByPass compatibility layer, the equivalent task_type values are:

uCaptcha Type	RiskByPass task_type
KasadaToken	kasada
KasadaCdToken	kasada_cd
KasadaTlPayloadToken	kasada_tl_payload