← Back to full docs
POST /solve

Cloudflare 5s Challenge

Solve Cloudflare's browser integrity check. Returns clearance cookies, a matching user-agent, and form attributes needed to complete the challenge on the target site.

Authentication

Pass your API key via the X-API-Key header on every request.

Keep your key secret. Never expose it in client-side code or commit it to version control.

Endpoint

POST/solve

Parameters

ParameterTypeRequiredDescription
task_typestringyesMust be "cloudflare5stask"
urlstringyesTarget page URL — must end with a trailing slash (/)
proxystringyesSticky/session proxy in http://user:pass@ip:port format
user_agentstringnoWindows Chrome user-agent (only Windows Chrome is supported)
htmlstringnoPre-fetched page HTML — optional optimisation to skip an initial fetch
Sticky proxies required. Cloudflare validates that the same IP is used throughout the session. Each new session needs a fresh proxy session.

Request / Response

Request

{
  "task_type": "cloudflare5stask",
  "url": "https://example.com/",
  "proxy": "http://user:pass@1.2.3.4:8080"
}

Response

{
  "success": true,
  "data": {
    "cookies": {
      "cf_clearance": "xxx",
      "__cf_bm": "xxx"
    },
    "headers": {
      "User-Agent": "Mozilla/5.0..."
    },
    "attributes": {
      "md": "xxx",
      "r": "xxx"
    },
    "cf_rt": "challenge_token"
  }
}

Using the Response — 4 Steps

1Apply the cookies from the response to your HTTP session.
2POST the attributes as form-encoded body to the target URL with Content-Type: application/x-www-form-urlencoded.
3Set the Referer header to {url}?__cf_chl_tk={cf_rt}.
4Use the exact User-Agent from the response for all subsequent requests.

Code Examples

import requests

TARGET_URL = "https://example.com/"
PROXY = "http://user:pass@1.2.3.4:8080"  # Sticky session proxy

# Step 1: Get WAF solution from Peak API
response = requests.post(
    "https://api.peak.fo/solve",
    headers={
        "X-API-Key": "pk_your_api_key",
        "Content-Type": "application/json"
    },
    json={
        "task_type": "cloudflare5stask",
        "url": TARGET_URL,
        "proxy": PROXY
    }
)

data = response.json()
if not data["success"]:
    raise Exception(f"Solve failed: {data['error']}")

solution = data["data"]
clearance = solution["cookies"]["cf_clearance"]
cf_bm = solution["cookies"].get("__cf_bm", "")
cf_rt = solution["cf_rt"]
attributes = solution["attributes"]
user_agent = solution["headers"]["User-Agent"]

# Step 2: Build attributes as form data
form_data = "&".join([f"{k}={v}" for k, v in attributes.items()])

# Step 3: Create session with cookies
session = requests.Session()
session.cookies.set("cf_clearance", clearance, domain="example.com")
if cf_bm:
    session.cookies.set("__cf_bm", cf_bm, domain="example.com")

# Step 4: POST to complete the challenge
resp = session.post(
    TARGET_URL,
    data=form_data,
    headers={
        "User-Agent": user_agent,
        "Referer": f"{TARGET_URL}?__cf_chl_tk={cf_rt}",
        "Content-Type": "application/x-www-form-urlencoded",
    },
    proxies={"http": PROXY, "https": PROXY}
)

print(f"Status: {resp.status_code}")
# Now you can make requests with the session cookies