search

Datadome

hashtag
Description

  • Parameter invocation is very complex

  • When you see datadome in cookies, it means datadome verification exists, with three cases, for example:

    • When you want to access https://www.vinted.com/, use proxy to request https://www.vinted.com/:

      • Status code is not 403 (seamless mode):

        • Open f12 and check if there are URLs ending with /js/ and API response similar to:

          {
"status": 200,
"cookie": "datadome=66wPBABk21P4x28BLuVse__8_z141EPJEjbgi1HBvNGBcHmX91OT1Z9Z63G4x_suPlRPQ_tgwljYmI5mWxpmkMJ3pKrcnAVKHZs2ymS_2O4nM5wEblvP~~nK3orSol0W; Max-Age=31536000; Domain=.soundcloud.com; Path=/; Secure; SameSite=Lax"
}

          For seamless verification type, you must pass js_url (the URL ending with /js). This mode will return a did parameter in the extra field of our API response, which is very important for subsequent datadome verifications on this page!!!

        • If the homepage is seamless mode, then subsequent key data APIs (such as login, query, etc.) will carry the datadome cookie and return a response similar to:

          {
"url": "https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAqpOrr0GfIWgAudQ9Vg==&cid=w9vlJ4Xaf117hm82ORPnno7AnVvPPCoZ2gCDLj~Nch09ENObNXSzDWFekvMpp8ScynMSrB3~jsXcFtU9Y8mhOUscfnu1k_a~4_GMyGRE29_Gy~skFDqfX8tQJv1Va5Fv&referer=http%3A%2F%2Fapi-auth.soundcloud.com%2Fweb-auth%2Fidentifier%3Fq%3Desbiya1%2540gmail.com%26client_id%3D1q3v4x1lu3DpcWb4fAz0urivByipMEMK&hash=7FC6D561817844F25B65CDD97F28A1&t=fe&s=48134&e=faa8c1fb03676ac05d3bbe1d876a2d60168a7a2bab3adb5366483fc829465498"
}

          To bypass this captcha, you need to pass href (current browser page URL), captcha_url (the URL in the response), as well as the did parameter returned by seamless mode, and cookies: {"datadome": 'datadome from seamless mode'}. This means if you use the datadome cookie from seamless mode to access your target data API and get slider or device captcha mode again, you need to pass href, captcha_url, did, cookies. Seamless captcha example

      • Status code 403 (device verification mode):

        • If entering the target page directly redirects to device verification page or after bypassing slider captcha you are redirected to this verification, then it’s interstitial device verification mode, please pass parameter interstitial: true Device verification example

      • Status code 403 (slider captcha):

        • If entering the target page directly redirects to slider captcha page, then it’s captcha slider captcha mode Slider captcha example

    • In short, first request your target page URL, if status code is 200 use seamless mode, if 403 use captcha mode, similar to the following pseudo-code:

    # Request target page href
resp = session.get(href, headers=headers)
  
# Status code 200 is seamless verification mode
if resp.status_code == 200:
    res = DatadomeCracker(
        user_token=USER_TOKEN,
        href=href,
        user_agent=user_agent,
        js_url="https://dd.vinted.lt/js",
        js_key=js_key,
        proxy=proxy,
    ).crack()
# Status code 403, specify interstitial as true to ensure bypassing all datadome captcha modes encountered, get final valid datadome
elif resp.status_code == 403:
    res = DatadomeCracker(
      user_token=USER_TOKEN,
        href=href,
        user_agent=user_agent,
        interstitial=True,
        proxy=proxy,
    ).crack()

hashtag
Request URL (POST):

Version
API URL

Universal

https://wtf.red/api/datadome

hashtag
Request Headers:

Parameter Name
Description
Required

x-api-key

User secret, get from homepage

Yes

Content-Type

application/json

Yes

hashtag
POST Data (JSON):

Parameter Name
Type
Description
Required

href

String

Page URL that triggers datadome verification

Yes

proxy

String

No need to keep proxy consistent, if passing proxy please use overseas proxy, format: ip:port or usr:pwd@ip:port (contact admin if issues)

Yes

js_url

String

Required for js mode, API ending with /js/ that returns datadome cookie, e.g.: https://dwt.soundcloud.com/js/

No

js_key

String

Required for js mode, search for ddjskey value in f12, e.g.: E6EAF460AA2A8322D66B42C85B62F9

No

captcha_url

String

"url": "/captcha?initCid=xxx" triggered by post(xhr) API

No

interstitial

Boolean

Whether interstitial device verification mode will be triggered, default false

No

user_agent

String

Custom user_agent, must keep user-agent consistent

No

did

String

Fingerprint ID returned by js mode (in extra property), pass this parameter for subsequent slider captcha from xhr APIs

No

cookies

String

Current page cookies

No

timeout

Integer

Verification timeout

No

hashtag
Response Data (JSON):

Successful Response

Parameter Name
Type
Description

status

Integer

Whether the call was successful, 1 for success, 0 for failure. Use this value to judge

msg

String

Chinese description of the result

id

String

The unique request ID for this particular request (can be used for subsequent record queries)

data.datadome

String

The available datadome cookie returned after successful verification, can be used for subsequent verification APIs

cost

String

Verification time taken (in milliseconds)

PreviousKasadaNextShape

Last updated