All endpoints accept JSON bodies. Each dedicated endpoint maps to a specific mode. The
/bypass master endpoint accepts any mode via the mode field. Pass
useProxy: true to route through the internal proxy pool โ no proxy config needed.
| Field | Type | Required | Description |
|---|---|---|---|
| url | string | required | Target URL |
| mode | string | required | cloudflare ยท turnstile-min ยท
turnstile-max ยท source ยท waf-session |
| siteKey | string | optional* | Required when mode is turnstile-min |
| useProxy | boolean | optional | Route through internal proxy pool (default: false) |
| proxy | object | optional | Override proxy: {"host","port","username?","password?"} |
| waitFor | number | optional | Extra ms to wait after CF clears โ cloudflare mode only (max 15000) |
| getSource | boolean | optional | Return full HTML source โ cloudflare mode only |
| login | object | optional | Auto-login config โ see Login section |
| actions | array | optional | Browser actions after navigation โ see Actions section |
| setCookies | array | optional | Inject cookies before navigation: [{name,value,domain}] |
POST /bypass { "url": "https://www.createimg.com/", "mode": "turnstile-min", "siteKey": "0x4AAAAAABggkaHPwa2n_WBx" }
{
"url": "https://example.com/",
"mode": "cloudflare",
"waitFor": 6000,
"getSource": true,
"useProxy": true
}
{ "success": true, "data": {
"cf_clearance": "ANhX...", "__cf_bm": "abc...",
"token": "0.xyz...", // only if siteKey passed
"cookies": [...], "sessionCookies": {}, "userAgent": "Mozilla...",
"title": "Page Title", "source": null, "finalUrl": "https://..."
}}
{ "success": true, "data": { "token": "0.abc123..." } }
Intercepts the page request and replaces it with a minimal Turnstile render page. Requires
siteKey.
{ "url": "https://site.com/", "siteKey": "0x4AAA..." }
Loads the full real page and lets the browser's built-in Turnstile solver handle it. No siteKey needed.
{ "url": "https://site.com/" }
Bypass Cloudflare WAF and return cf_clearance, all cookies, user agent, and optionally
page source. Supports login and custom actions.
{ "url": "https://site.com/", "waitFor": 5000, "getSource": true }
Returns cookies and request headers (including Accept-Language as seen by the server).
Use with cycletls or got-scraping.
{ "url": "https://site.com/" }
// Response { "data": { "cookies": [...], "headers": { "user-agent": "...", "accept-language": "en-US,en;q=0.9" } } }
{ "url": "https://site.com/" }
Pass a login object to /bypass or /cloudflare to authenticate
before extracting session cookies.
{
"url": "https://site.com/dashboard",
"mode": "cloudflare",
"getSource": true,
"login": {
"loginUrl": "https://site.com/login",
"usernameSelector": "input[name='email']",
"passwordSelector": "input[name='password']",
"submitSelector": "button[type='submit']",
"username": "you@example.com",
"password": "yourpassword",
"waitAfterLogin": 3000
}
}
| Type | Fields | Description |
|---|---|---|
| click | selector, wait? | Click element by CSS selector |
| type | selector, value, wait? | Type text into input |
| wait | ms | Wait N milliseconds |
| navigate | url, wait? | Navigate to URL (waits for CF) |
| waitForSelector | selector, timeout? | Wait for element to appear |
{
"url": "https://site.com/", "mode": "cloudflare",
"actions": [
{ "type": "waitForSelector", "selector": "#search" },
{ "type": "type", "selector": "#search", "value": "hello" },
{ "type": "click", "selector": "button[type='submit']", "wait": 2000 }
], "getSource": true
}
โ ๏ธ Proxy testing runs on startup and every 15 min. Pass useProxy: true to opt-in
per-request. Without it, requests go direct โ no proxy needed in your client code.