What is Kasada Bot Defense?
Kasada is a bot defense platform that uses a custom JavaScript VM (ips.js) to fingerprint browsers and generate proof-of-work tokens. Kasada uses two tokens: x-kpsdk-ct (client token, ~30 min lifetime) and x-kpsdk-cd (single-use per-request proof-of-work).
How it works
Send Task
POST your KasadaCaptchaTask with the target URL and sitekey to our API. We'll queue it instantly.
We Solve
Capzy's proprietary solver returns the Kasada x-kpsdk-ct + x-kpsdk-cd tokens and KP_UIDz session cookies needed for protected requests. Designed for authorized testing and automation.
Get Token
Poll getTaskResult — when status is 'ready', the solution contains the token to inject into the target page.
Quick integration
import requests, time
API = "https://api.capzy.ai"
KEY = "capzy_your_key_here"
# Step 1: Create task
task = requests.post(f"{API}/createTask", json={
"clientKey": KEY,
"task": {
"type": "KasadaCaptchaTask",
"proxyPort": "8080",
"proxyType": "http",
"proxyLogin": "user",
"websiteURL": "https://example.com/",
"proxyAddress": "123.45.67.89",
"proxyPassword": "pass"
}
}).json()
task_id = task["taskId"]
print(f"Task created: {task_id}")
# Step 2: Poll for result
while True:
result = requests.post(f"{API}/getTaskResult", json={
"clientKey": KEY,
"taskId": task_id
}).json()
if result["status"] == "ready":
print("Solved!", result["solution"])
break
elif result["status"] == "failed":
print("Failed:", result.get("errorDescription"))
break
time.sleep(1)
# Step 3: Use the result — Kasada uses custom headers, not a Cookie:
sol = result["solution"]
headers = {
"x-kpsdk-ct": sol["x-kpsdk-ct"],
"x-kpsdk-cd": sol["x-kpsdk-cd"], # single-use per request
"User-Agent": sol.get("userAgent", ""),
}
cookies = sol.get("cookies", {})
resp = requests.get("https://target.example.com/", headers=headers, cookies=cookies)
print(resp.status_code)Task parameters
typetypestringreqyesKasadaCaptchaTaskProxyLess or KasadaCaptchaTaskwebsiteURLtypestringreqyesAny URL on the Kasada-protected domainproxyTypetypestringreqyesProxy protocol: http or httpsproxyAddresstypestringreqyesProxy IP address or hostnameproxyPorttypenumberreqyesProxy port numberproxyLogintypestringreqnoProxy username (if auth required)proxyPasswordtypestringreqnoProxy password (if auth required)userAgenttypestringreqyesUser-Agent string to use. Must match the UA you use when submitting the tokenSolution response
x-kpsdk-cttypestringThe primary Kasada clearance token. Submit as the `x-kpsdk-ct` HTTP header on subsequent requests.x-kpsdk-cdtypestringSingle-use challenge response token — must be submitted as `x-kpsdk-cd` header on the FIRST request after the solve. Subsequent requests don't need it.x-kpsdk-vtypestringKasada SDK version identifier — submit as `x-kpsdk-v` header so the server expects payload v matching.x-kpsdk-rtypestringRandom nonce token — submit as `x-kpsdk-r` header. Kasada rotates this per session.x-kpsdk-sttypestringSession-state token — submit as `x-kpsdk-st` header.x-kpsdk-fctypestringFingerprint-confirmation token — submit as `x-kpsdk-fc` header on the first protected request.x-kpsdk-htypestringHeader-binding token — submit as `x-kpsdk-h` header. Ties the clearance to the specific UA + headers.cookiestypeobjectKasada session cookies as `{KP_UIDz, KP_UIDz-ssn}` (object form, not array). Set both before the next request — replay without them invalidates the clearance.userAgenttypestringExact User-Agent the solver used. Reuse verbatim — Kasada correlates UA with the TLS fingerprint that produced the clearance.expiresAttypenumberUnix epoch (seconds) when the `x-kpsdk-ct` token expires. Typically ~30 minutes from solve time. Re-solve before this deadline if your session is long-lived.Example response
Full getTaskResult response shape. The fields in the table above describe what's inside solution — the outer envelope (errorId, status) is identical for every captcha type.
{
"errorId": 0,
"status": "ready",
"solution": {
"cookies": {
"KP_UIDz": "session_uid_value",
"KP_UIDz-ssn": "ssn_value"
},
"expiresAt": 1715301000,
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"x-kpsdk-h": "header_binding_token",
"x-kpsdk-r": "random_nonce_per_session_value",
"x-kpsdk-v": "j-1.0.0",
"x-kpsdk-cd": "challenge_response_single_use_token",
"x-kpsdk-ct": "01HZ8X9Y...long_kasada_clearance_token...AAAAAAA",
"x-kpsdk-fc": "fingerprint_confirmation_token",
"x-kpsdk-st": "session_state_token_value"
}
}Error response
Failures use the same envelope with errorId: 1 plus errorCode + errorDescription. See the error-code reference for the full list.
{
"errorId": 1,
"errorCode": "ERROR_CAPTCHA_UNSOLVABLE",
"errorDescription": "Solver gave up — automatically refunded."
}Pending response
While the solver is still working, getTaskResult returns status: "processing". Poll every 1–2 seconds until ready or failed.
{
"errorId": 0,
"status": "processing"
}Features
task types
required: KasadaCaptchaTask