PerimeterX (HUMAN Security)

PerimeterX (now HUMAN Security) is an enterprise bot protection platform deployed by major e-commerce sites, media properties, and financial services. It intercepts suspicious traffic with JavaScript-based invisible challenges or full-page hold/block pages that must be solved before access is granted.

Supported Types

Type	Price	Description
PerimeterXToken	$3/1k	Solves the PerimeterX invisible challenge. The most common variant — triggered silently in the background without a visible CAPTCHA.
PerimeterXHoldToken	$5/1k	Solves the PerimeterX hold page. Triggered when PerimeterX blocks a request and serves a full interstitial page requiring human verification.

Note

PerimeterX hold pages are more resource-intensive to solve than invisible challenges. The higher price reflects the additional complexity of the hold page variant.

Parameters

Parameter	Type	Required	Description
type	string	Yes	PerimeterXToken or PerimeterXHoldToken
websiteURL	string	Yes	The URL of the PerimeterX-protected page
proxy	string	No	Proxy in http://user:pass@host:port format

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "PerimeterXToken",
    "websiteURL": "https://example.com/protected-page",
    "proxy": "http://user:pass@1.2.3.4:8080"
  }
}

Hold page variant:

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "PerimeterXHoldToken",
    "websiteURL": "https://example.com/blocked-page",
    "proxy": "http://user:pass@1.2.3.4:8080"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "_pxhd=abc123xyz..."
}

Field	Type	Description
token	string	The PerimeterX bypass token. Apply this as a cookie on the target domain to bypass the protection.

How to Use

1. Detect the PerimeterX challenge: look for _px cookies or a redirect to /_sec/cp_challenge/ in the response.
2. Determine the challenge type: invisible (background JS evaluation) or hold page (full interstitial block).
3. Submit the appropriate task type with the target URL.
4. Apply the returned token as cookies on the target domain:
   • Set _pxhd and any _px* cookies from the solution.
5. Retry your original request with the cookies applied.

Caution

PerimeterX tokens are IP-bound. Use the same proxy IP for the task submission and all subsequent requests using the token. Changing IPs will invalidate the session.

Tip

For hold pages, provide the exact URL of the blocked/hold page, not the original target URL. The solver needs to access the hold page directly to solve it.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "PerimeterXToken",
        "websiteURL": "https://example.com/protected-page",
        "proxy": "http://user:pass@1.2.3.4:8080"
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        token = result["solution"]["token"]
        print("Token:", token)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "PerimeterXToken",
      websiteURL: "https://example.com/protected-page",
      proxy: "http://user:pass@1.2.3.4:8080"
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("Token:", result.solution.token);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "PerimeterXToken",
      "websiteURL": "https://example.com/protected-page"
    }
  }'

Provider Coverage

• RiskByPass

RiskByPass API

If you are using the RiskByPass compatibility layer, the equivalent task_type values are:

uCaptcha Type	RiskByPass task_type
PerimeterXToken	perimeterx_invisible
PerimeterXHoldToken	perimeterx_hold