Vercel Bot Protection

Vercel Bot Protection is a built-in bot mitigation feature available to Vercel-hosted applications. When enabled, it intercepts requests from automated clients and serves a JavaScript challenge that must be solved before the request is forwarded to the origin. This protection can be applied at the edge to specific routes or the entire application.

Supported Types

Type	Description
VercelToken	Solves the Vercel bot challenge and returns a bypass token.

Parameters

Parameter	Type	Required	Description
type	string	Yes	VercelToken
websiteURL	string	Yes	The URL of the Vercel-protected page or endpoint
proxy	string	No	Proxy in http://user:pass@host:port format

Create Task Request

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "VercelToken",
    "websiteURL": "https://example.vercel.app/api/data"
  }
}

Response

{
  "errorId": 0,
  "taskId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "processing"
}

Solution Object

{
  "token": "_vcrcs=abc123..."
}

Field	Type	Description
token	string	The Vercel bot challenge bypass token. Apply as a cookie or header on the target domain.

How to Use

1. When a request to a Vercel-protected endpoint returns a challenge page (typically with a _vcrcs cookie requirement or JavaScript challenge), capture the target URL.
2. Submit the task with the challenged URL.
3. Apply the returned token as the _vcrcs cookie on the target domain.
4. Retry your original request with the cookie applied.

Note

Vercel bot protection is configured per-deployment. The bypass token is typically short-lived — use it immediately after receiving it.

Code Examples

Python

import requests
import time

API_KEY = "YOUR_API_KEY"

response = requests.post("https://api.ucaptcha.net/createTask", json={
    "clientKey": API_KEY,
    "task": {
        "type": "VercelToken",
        "websiteURL": "https://example.vercel.app/api/data"
    }
})
task_id = response.json()["taskId"]

while True:
    result = requests.post("https://api.ucaptcha.net/getTaskResult", json={
        "clientKey": API_KEY,
        "taskId": task_id
    }).json()
    if result["status"] == "ready":
        token = result["solution"]["token"]
        print("Token:", token)
        break
    elif result["status"] == "failed":
        print("Error:", result.get("errorDescription"))
        break
    time.sleep(5)

JavaScript

const API_KEY = "YOUR_API_KEY";

const { taskId } = await fetch("https://api.ucaptcha.net/createTask", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientKey: API_KEY,
    task: {
      type: "VercelToken",
      websiteURL: "https://example.vercel.app/api/data"
    }
  })
}).then(r => r.json());

while (true) {
  const result = await fetch("https://api.ucaptcha.net/getTaskResult", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ clientKey: API_KEY, taskId })
  }).then(r => r.json());

  if (result.status === "ready") {
    console.log("Token:", result.solution.token);
    break;
  } else if (result.status === "failed") {
    console.error("Error:", result.errorDescription);
    break;
  }
  await new Promise(r => setTimeout(r, 5000));
}

cURL

curl -X POST https://api.ucaptcha.net/createTask \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY",
    "task": {
      "type": "VercelToken",
      "websiteURL": "https://example.vercel.app/api/data"
    }
  }'

Provider Coverage

• RiskByPass

RiskByPass API

If you are using the RiskByPass compatibility layer, the equivalent task_type is vercel.