API Reference
Cloudflare Challenge
Solve full-page Cloudflare interstitials ("Just a moment...", I'm Under Attack mode, invisible challenges) and receive a cf_clearance cookie bound to your proxy.
Cloudflare Challenge
The Challenge type handles the full-page interstitial ("Just a moment...", "Checking your browser...", I'm Under Attack mode) and invisible challenges that gate the entire site. It returns a cf_clearance cookie you replay on the next request.
A proxy is required
The solver navigates through your proxy so that the resulting cookie is valid for that proxy's egress IP. Calls without a proxy return 400. The same proxy must be used when replaying the cookie.
Request
| Field | Type | Required | Notes |
|---|---|---|---|
type | string | Yes | challenge (or alias cloudflare-challenge). |
url | string | Yes | Page URL — http/https, public host, max 2048 chars. |
proxy | string | Yes | protocol://[user:pass@]host:port. The cookie binds to this IP. |
user_agent | string | No | Recommended — use the same UA you'll replay the cookie with. |
Response
{
"success": true,
"type": "challenge",
"cookies": { "cf_clearance": "abc123..." },
"user_agent": "Mozilla/5.0 ...",
"cost": 0.001
}Some sites also return a token field instead of (or alongside) cookies — keep your code resilient to both shapes.
| Field | When present | Notes |
|---|---|---|
cookies | Always for true Challenge pages | Set on requests to the same origin. |
user_agent | Always | Use this exact UA when replaying — Cloudflare fingerprints UAs. |
token | Sometimes | Pass through as the form field, like a Turnstile token. |
Use the result
import requests
solve = requests.post(
"https://api.nslsolver.com/solve",
headers={"X-API-Key": "YOUR_KEY"},
json={
"type": "challenge",
"url": "https://example.com/protected",
"proxy": "http://user:[email protected]:8080",
},
timeout=120,
).json()
session = requests.Session()
session.cookies.set("cf_clearance", solve["cookies"]["cf_clearance"], domain="example.com")
session.headers["User-Agent"] = solve["user_agent"]
session.proxies = {"http": "http://user:[email protected]:8080",
"https": "http://user:[email protected]:8080"}
# Now use `session` for downstream calls. The proxy and UA must match the solve.
session.get("https://example.com/protected")Performance
| Metric | Typical value |
|---|---|
| Solve time | 1-5 seconds |
| Cookie lifetime | ~300 seconds |
| Success rate | ~95% |
When to pick Challenge over Turnstile
| Page behaviour | Use |
|---|---|
Shows a visible widget with data-sitekey | Turnstile |
| Renders the "Just a moment..." interstitial | Challenge |
| Redirects through a Cloudflare challenge page before content | Challenge |
| No visible widget but blocks unauthenticated traffic | Challenge |
Examples
import requests
r = requests.post(
"https://api.nslsolver.com/solve",
headers={"X-API-Key": "YOUR_KEY"},
json={
"type": "challenge",
"url": "https://example.com/protected",
"proxy": "http://user:[email protected]:8080",
},
timeout=120,
)
data = r.json()
print(data["cookies"]["cf_clearance"], data["user_agent"])const r = await fetch("https://api.nslsolver.com/solve", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": process.env.NSL_API_KEY,
},
body: JSON.stringify({
type: "challenge",
url: "https://example.com/protected",
proxy: "http://user:[email protected]:8080",
}),
signal: AbortSignal.timeout(120_000),
});
const { cookies, user_agent } = await r.json();curl -X POST https://api.nslsolver.com/solve \
-H "Content-Type: application/json" \
-H "X-API-Key: $NSL_API_KEY" \
-d '{
"type": "challenge",
"url": "https://example.com/protected",
"proxy": "http://user:[email protected]:8080"
}'Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
proxy is required | Missing or empty proxy | Pass a working proxy URL. |
cf_clearance rejected on first request | Different proxy used for replay | Use the same proxy for solve and downstream traffic. |
cf_clearance rejected after a while | Cookie expired | Re-solve. The cookie is short-lived. |
| Repeated 503 | Proxy is on a Cloudflare blocklist | Try residential or a different datacenter range. |