When using Scrapingbypass API to handle Cloudflare "5-second challenges" (JavaScript challenges and WAF clearance), you do not need to modify the structure of your original request body. You can use the raw payload captured from your network inspection tools (e.g., Chrome DevTools, Fiddler, or Charles).

The bypass logic is primarily controlled via Request Headers rather than the body content.

Implementation Steps

1. Capture the Payload: Use the exact JSON or Form-data body required by the target endpoint.
2. Configure Headers: The Scrapingbypass API engine uses specific headers to trigger the bypass environment and fingerprint impersonation.
3. Maintain Session Consistency: Ensure that the User-Agent and other fingerprint-related headers match the session state maintained by the API.

Request Configuration Example

To send a POST request through the bypass engine, structure your call as follows:

POST /target-endpoint HTTP/1.1
Host: api.scrapingbypass.com
X-Cb-Version: V2
X-Cb-Proxy: http://user:pass@proxy-ip:port
Content-Type: application/json

{
    "original_key": "original_value",
    "data": "your_captured_payload"
}

Key Integration Rules

• Header-Driven Logic: All bypass instructions (Session ID, Sitekey, Proxy configuration) must reside in the headers. The request body remains transparent to the bypass process.
• V2 Requirement: For JavaScript challenges and Turnstile, ensure X-Cb-Version: V2 is specified to enable the full browser emulation stack.
• Fingerprint Alignment: Do not manually alter headers like Accept-Language or User-Agent within the body logic. Scrapingbypass API automatically aligns these with the TLS/JA3 impersonation layer to prevent WAF detection.

Technical Note

If the request body requires a dynamic token (such as a Turnstile response), refer to the Automated Token Injection guide and use the [cf_token] placeholder within your JSON payload. The backend will replace this placeholder with a valid challenge solution before forwarding the request.