Before you submit — these must be correct
If any of these are wrong, your token may be accepted by our solver but rejected or scored poorly by the target site. We can’t detect these mismatches for you.
- Capture the challenge from your OWN session — the sec-cpt is bound to the IP that hit the 428. We only compute the token.
- Honor the challenge `duration` (usually ~30 s) before submitting the token, or Akamai rejects it.
What is Akamai Sec-Cpt Token?
When Akamai Bot Manager wants extra assurance it serves a sec-cpt Adaptive Challenge — an HTTP 428 interstitial carrying a `sec_cpt` cookie and a small JSON config ({token, timestamp, nonce, difficulty, duration}) that demands a SHA-256 proof-of-work before the original request is allowed through. This task does ONLY the compute: you capture the challenge from your own session (your IP already reached the 428), hand us the cookie + config, and we return the solved token to POST back. No proxy is needed — the IP/session binding stays entirely on your side.
How it works
Send Task
POST your AkamaiSecCptToken with the target URL and sitekey to our API. We'll queue it instantly.
We Solve
We run the sec-cpt proof-of-work natively: increment the nonce and SHA-256-hash until the digest meets the challenge difficulty, then format the answer token exactly as Akamai's verify endpoint expects. Pure compute, ~100 ms — the wait Akamai mandates (the challenge `duration`, commonly 30 s) happens on your side, before you submit.
Get Token
Poll getTaskResult — when status is 'ready', the solution contains the token to inject into the target page.
Quick integration
import requests, time
API = "https://api.capzy.ai"
KEY = "capzy_your_key_here"
# Step 1: Create task
task = requests.post(f"{API}/createTask", json={
"clientKey": KEY,
"task": {
"type": "AkamaiSecCptToken",
"secCpt": "<sec_cpt cookie value>",
"secJson": "[object Object]"
}
}).json()
task_id = task["taskId"]
print(f"Task created: {task_id}")
# Step 2: Poll for result
while True:
result = requests.post(f"{API}/getTaskResult", json={
"clientKey": KEY,
"taskId": task_id
}).json()
if result["status"] == "ready":
print("Solved!", result["solution"])
break
elif result["status"] == "failed":
print("Failed:", result.get("errorDescription"))
break
time.sleep(1)
# Step 3: Use the result — paste the token into the site's captcha form field
token = result["solution"]["token"]
# Browser side: set the textarea value or the hidden input. Then submit.
# Server-to-server: post the token alongside the form fields you normally send.
resp = requests.post("https://target.example.com/submit", data={
"username": "...",
"captcha_response": token, # <-- replace with the field name your site uses
})
print(resp.status_code)Task parameters
secCpttypestringreqyesThe `sec_cpt` cookie value Akamai set with the 428 interstitial.secJsontypeobjectreqyesThe challenge config from the interstitial: {token, timestamp, nonce, difficulty, duration}.Solution response
tokentypestringThe solved sec-cpt token. POST it to Akamai's verify endpoint, then resubmit your original request after the mandated wait.Example response
Full getTaskResult response shape. The fields in the table above describe what's inside solution — the outer envelope (errorId, status) is identical for every captcha type.
{
"errorId": 0,
"status": "ready",
"solution": {
"token": "<solved sec-cpt token>"
}
}Error response
Failures use the same envelope with errorId: 1 plus errorCode + errorDescription. See the error-code reference for the full list.
{
"errorId": 1,
"errorCode": "ERROR_CAPTCHA_UNSOLVABLE",
"errorDescription": "Solver gave up — automatically refunded."
}Pending response
While the solver is still working, getTaskResult returns status: "processing". Poll every 1–2 seconds until ready or failed.
{
"errorId": 0,
"status": "processing"
}Features
task types
proxyless: AkamaiSecCptToken