A captcha-solving API turns "a human has to click this" into a normal HTTP call: you describe the challenge, the service solves it, and you get back a token or cookie you submit like a real browser would. This post walks the model end to end so you know what you are actually paying for.
why captchas block automation
reCAPTCHA, hCaptcha, AWS WAF, and similar systems exist to tell a script apart from a person. They run JavaScript, score behaviour, and hand the page a token only once they are satisfied. A plain HTTP client never runs that JavaScript, so it never earns the token - and the protected action (login, checkout, search) stays closed.
A solving API closes that gap without you driving a full browser yourself.
the create-task / poll / token model
Almost every solving API (CapBypass included) uses the same two-step async shape:
-
createTask- you POST a description of the challenge (type, site URL, site key). You get ataskIdback immediately. -
getTaskResult- you poll thattaskIduntilstatusflips toready, then read thesolution.
# 1. create
curl -s https://api.capbypass.pro/createTask \
-H 'Content-Type: application/json' \
-d '{ "clientKey": "YOUR_API_KEY",
"task": { "type": "ReCaptchaV2Task",
"websiteURL": "https://example.com/login",
"websiteKey": "6Lc...",
"proxy": "host:port:user:pass" } }'
# -> { "errorId": 0, "taskId": "5f9b...-uuid" }
# 2. poll
curl -s https://api.capbypass.pro/getTaskResult \
-H 'Content-Type: application/json' \
-d '{ "clientKey": "YOUR_API_KEY", "taskId": "5f9b...-uuid" }'
# -> { "status": "ready", "solution": { "gRecaptchaResponse": "03AGdBq25..." } }
It is async because solving takes a few seconds, and polling keeps your code simple: fire, wait, read.
what happens server-side
While you poll, the service does the work you would otherwise have to: it runs the challenge's JavaScript, presents a coherent device fingerprint, routes through an appropriate IP, and produces a token the target will accept. Good APIs also hand back the userAgent (and client-hint headers) they used, so you can match them on your own request and keep the identity consistent.
You never see any of that machinery - you see a taskId and, a few seconds later, a solution.
token captchas vs cookie captchas
The solution shape depends on the challenge family:
-
Token-based (reCAPTCHA, hCaptcha): you get a token (
gRecaptchaResponse) that you inject into the form field or request body the site checks. -
Cookie / challenge-based (AWS WAF, Cloudflare-style): you get a cookie string (e.g.
aws-waf-token=...) that you set on your HTTP session before retrying the original request.
Same flow, different thing to replay. The API reference lists every solution field per task type.
what you pay for
Solving APIs bill per solved task, not per month - a few hundredths of a cent to a few cents depending on the captcha type. You pay only when a task returns ready with a usable solution, which is why the model scales cleanly from a handful of solves to millions. New accounts start with the getting-started flow and a small balance.
faq
Is it just OCR?
No. Modern captchas (reCAPTCHA v3, AWS WAF) are not images to read - they are JavaScript challenges and behavioural scores. A solving API runs the challenge and returns a token, which is very different from reading text off a picture.
How long does a solve take?
Typically a few seconds. That is why the API is async: you create a task, poll getTaskResult, and read the solution when status is ready.
Do I still need a proxy?
For IP-sensitive captchas (reCAPTCHA v3, AWS WAF on strict targets), yes - you pass your own proxy so the solve happens from a clean IP. Proxyless task variants use a shared pool and suit lower-stakes targets.
What do I do with the result?
Token captchas: inject the token into the form/body. Cookie captchas: set the returned cookie on your HTTP session, then replay the original request.
Originally published on capbypass.pro. CapBypass is an AI-powered captcha-solving API for reCAPTCHA, hCaptcha, Cloudflare Turnstile and AWS WAF.
Top comments (0)