Alibaba Cloud Captcha
Task examples
Below are examples of Alibaba Captcha task types that are currently supported by the CapMonster Cloud service:
Slider CAPTCHA
Puzzle CAPTCHA
Image restoration CAPTCHA
Attention!
CapMonster Cloud uses built-in proxies by default — their cost is already included in the service. You only need to specify your own proxies in cases where the website does not accept the token or access to the built-in services is restricted.
If you are using a proxy with IP authorization, make sure to whitelist the address 65.21.190.34.
Request parameters
type<string>requiredCustomTask
class<string>requiredalibaba
websiteURL<string>requiredFull URL of the page with the CAPTCHA.
sceneId (inside metadata)<string>requiredCAPTCHA scenario identifier, passed in the following format: "sceneId":"1ww7426c4" (see the corresponding section for how to find this value)
prefix (inside metadata)<string>requiredCAPTCHA initialization parameter, passed in the URL of the request used to load the task text on the page.
For example, if the URL looks like: https://dlw3kug.captcha-open.example.aliyuncs.com/, then the value of the prefix parameter corresponds to the subdomain — dlw3kug.
Some websites require additional parameters:
Specify these parameters only if they are present on the website (see more details in the section Working with websites that include extended parameters).
userId (inside metadata)<string>optionalA unique identifier of the user or session on the website side.
userUserId (inside metadata)<string>optionalAn additional (secondary) user identifier.
verifyType (inside metadata)<string>optionalThe version or type of the captcha verification mechanism.
region (inside metadata)<string>optionalThe server or data center region through which the captcha is processed.
UserCertifyId (inside metadata)<string>optionalA unique verification ID associated with the current captcha session.
apiGetLib (inside metadata)<string>optionalA link to the captcha JS library used by the website. The value is generated on the client side and may change dynamically on each page render.
userAgent<string>optionalBrowser User-Agent.
Pass only a valid UA from Windows OS. Currently it is: userAgentPlaceholder
proxyType<string>optionalhttp - standard http/https proxy;
https - try this if "http" doesn't work (needed for some custom proxies);
socks4 - socks4 proxy;
socks5 - socks5 proxy.
proxyAddress<string>optionalIP address of the proxy (IPv4/IPv6). Not allowed:
- using transparent proxies (those exposing the client IP);
- using local machine proxies.
proxyPort<integer>optionalProxy port.
proxyLogin<string>optionalProxy login.
proxyPassword<string>optionalProxy password.
Create task method
Standard variant (without additional parameters)
- CustomTask (without proxy)
- CustomTask (with proxy)
POST
https://api.capmonster.cloud/createTask
Request
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug"
}
}
}
Response
{
"errorId": 0,
"taskId": 407533077
}
POST
https://api.capmonster.cloud/createTask
Request
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}
}
Response
{
"errorId": 0,
"taskId": 407533077
}
Variant with extended parameters (userId, userUserId, verifyType, etc.):
- CustomTask (without proxy)
- CustomTask (with proxy)
POST
https://api.capmonster.cloud/createTask
Request
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
}
}
}
Response
{
"errorId": 0,
"taskId": 407533077
}
POST
https://api.capmonster.cloud/createTask
Request
{
"clientKey": "API_KEY",
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": "https://www.example.com",
"userAgent": "userAgentPlaceholder",
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
},
"proxyType": "http",
"proxyAddress": "8.8.8.8",
"proxyPort": 8080,
"proxyLogin": "proxyLoginHere",
"proxyPassword": "proxyPasswordHere"
}
}
Response
{
"errorId": 0,
"taskId": 407533077
}
Get task result method
Use the getTaskResult method to obtain the Alibaba Captcha solution.
POST
https://api.capmonster.cloud/getTaskResult
Request
{
"clientKey": "API_KEY",
"taskId": 407533077
}
Response
{
"errorId": 0,
"errorCode": null,
"errorDescription": null,
"status": "ready",
"solution": {
"data": {
"tokens": "{\"sceneId\":\"1ww7426c4\",\"certifyId\":\"kBjCxX2W2c\",\"deviceToken\":\"U0dfV0VCIzM3...wOGJkMjY=\",\"data\":\"JRMnX3B...EUQdCpLkqSj7THYNf3dn\"}"
}
}
}
How to find all required parameters for task creation
sceneId
sceneId can be obtained after successfully solving the CAPTCHA once:
- Solve the CAPTCHA manually on the website.
- Open DevTools → Network tab.
- Find the request sent after successful verification (e.g., verify, check, validate).
- In the Payload or Response, locate the
sceneId(CaptchaSceneIdorsId) parameter.
This parameter can also be found using search across network requests:
- Open the page with the CAPTCHA, then go to DevTools → Network tab.
- Use search (Ctrl + F) with the keyword
sceneIdorCaptchaSceneId.
prefix
prefix can be obtained from the request URL used on the website to load the CAPTCHA task text:
- Open the page with the CAPTCHA.
- Find the request related to loading the task (usually via DevTools → Network).
Working with websites that include extended parameters
Extracting and preparing captcha parameters
This section describes the general process of extracting required parameters, solving the captcha, and re-submitting the authentication request on the target website.
- Initial authentication request:
POST https://example.com/api/v2/auths/signin
User credentials are sent:
{
"email": "[email protected]",
"password": "hashed_password"
}
Examples of headers are provided in the section Examples of automatic captcha solving.
- Server response detection. The server may return two types of responses:
- 2.1 Standard JSON (no captcha required):
{
"success": false,
"data": {
"code": "Bad_Request",
"details": "The email or password provided is incorrect..."
}
}
This means that no captcha is required and the request is processed normally.
- 2.2 Captcha response (the server returns an HTML page instead of JSON):
<!doctype html>
<meta charset="UTF-8">
<meta name="aliyun_waf_aa" content="...">
<meta name="aliyun_waf_bb" content="...">
...
- Inside the page there is an object with the following data:
var requestInfo = {
data,
region,
sceneId,
token,
traceid,
type,
userId,
userUserId
}
From this object, extract the following parameters used for captcha solving:
userIduserUserIdverifyType(corresponds totype)regionUserCertifyId(corresponds totraceid)
Important: additionally, you must store the authentication values
tokenandtraceid. They are used in subsequent authentication requests asu_atokenandu_asigrespectively.
- Example of generating the captcha JS library URL:
this.currentDate = new Date()
this.AliyunGeneratedDynamicJS =
`https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=${
this.currentDate.getFullYear() +
(this.currentDate.getMonth() + 1) +
this.currentDate.getDate() +
this.currentDate.getHours()
}`
- Building
metadataand the captcha solving request.
These data are sent to our captcha solving service:
{
"metadata": {
"sceneId": "1ww7426c4",
"prefix": "dlw3kug",
"userId": "HpadJlQnz2zSKcSmjXBaqQvjYUvP4jMJIk/ZwGNDNiM=",
"userUserId": "/uSXKkVFuuwxXA21/MpXGxpLStWBEup1B3jjlMUWwNE=",
"verifyType": "1.0",
"region": "sgp",
"UserCertifyId": "0a03e59417757735511105780e2a5e",
"apiGetLib": "https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=2041"
}
}
- Captcha solution retrieval and re-sending the authentication request using previously saved
u_atokenandu_asigparameters:
POST https://example.com/api/v2/auths/signin?u_atoken=...&u_asig=...&u_aref=undefined
If the captcha is solved successfully, the server returns the authentication result (see step 2.1).
Examples of automatic captcha solving
Important
The examples are for demonstration purposes only and illustrate the general logic of working with your website using Alibaba Cloud Captcha protection. In real-world projects, the code may require adaptation depending on the specific website, its requests, and headers.
Important data (API keys, proxy settings, etc.) should be stored in .env files or environment variables.
- JavaScript
- Python
Show code (Node.js)
import "dotenv/config";
import fs from "fs";
import { gotScraping } from "got-scraping";
function parse(text, start, end, isJson = true) {
const startIndex = text.indexOf(start);
if (startIndex === -1) return null;
const contentStart = startIndex + start.length;
const endIndex = text.indexOf(end, contentStart);
if (endIndex === -1) return null;
let extracted = text.substring(contentStart, endIndex).trim();
extracted = extracted.replace(/\n/g, "").trim();
let jsonStr = extracted
.replace(/(['"])?([a-zA-Z0-9_]+)(['"])?:/g, '"$2":')
.replace(/'/g, '"');
try {
return isJson ? JSON.parse(jsonStr) : jsonStr;
} catch (err) {
console.error("Failed to parse JSON:", err.message);
console.error("Parse attempt:", jsonStr);
return null;
}
}
function buildProxyLine(proxyUrl) {
if (!proxyUrl) return undefined;
const parts = proxyUrl.split(":");
// Handling format protocol:ip:port (3 parts)
if (parts.length === 3) {
const [protocol, ip, port] = parts;
return { proxyLine: `${protocol}://${ip}:${port}`, protocol, ip, port };
}
// Handling format protocol:username:password:ip:port (5 parts)
if (parts.length === 5) {
const [protocol, username, password, ip, port] = parts;
return {
proxyLine: `${protocol}://${username}:${password}@${ip}:${port}`,
protocol,
ip,
port,
username,
password,
};
}
// Invalid format
return undefined;
}
const proxyUrl =
process.env.proxyUrl || "http:username:password:127.0.0.1:9029"; // Replace with your proxy or set in .env file
const proxyLine = buildProxyLine(proxyUrl);
const delay = (ms) => new Promise((res) => setTimeout(res, ms));
class Worker {
constructor() {
this.providerVendorSolverUrl = "https://api.capmonster.cloud";
this.API_KEY = process.env.apiKey || "YOUR_API_KEY"; // Replace with your CapMonster Cloud API key
this.currentDate = new Date();
// Dynamic captcha JS library URL generation
this.AliyunGeneratedDynamicJS = `https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?t=${
this.currentDate.getFullYear() +
(this.currentDate.getMonth() + 1) +
this.currentDate.getDate() +
this.currentDate.getHours()
}`;
this.websiteUrl = "https://example.com/auth"; // Replace with captcha page URL
this.userAgent =
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36";
}
async executor() {
console.log(`Fetching captcha parameters....`);
const RequireAuthorizationResponses =
await this.getAuthorizationResponses();
console.log("Captcha pages successfully received");
const requireParamsCaptchas = await this.requireParamsCaptchasData(
RequireAuthorizationResponses,
);
console.log(`Captcha parameters: `, requireParamsCaptchas);
const AlibabaSolvedResult = await this.requireAlibabaSolverResponse(
requireParamsCaptchas,
);
console.log(
`Captcha solving result: `,
AlibabaSolvedResult?.solution?.data?.tokens,
);
const RequireAuthorizationResponsesAfterCaptchaBypass =
await this.sendAuthrozationsRequest();
console.log(RequireAuthorizationResponsesAfterCaptchaBypass);
}
async sendAuthrozationsRequest() {
const response = await gotScraping.post(
`https://example.com/api/v2/auths/signin?u_atoken=${this.AuthorizationParams.u_atoken}&u_asig=${this.AuthorizationParams.u_asig}&u_aref=undefined`,
{
body: JSON.stringify({
email: "[email protected]",
password:
"e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}),
headers: {
Accept: "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
Origin: "https://example.com",
Pragma: "no-cache",
Referer: "https://example.com/auth",
Timezone: "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
Version: "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua":
'"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
source: "web",
},
},
);
return response.body;
}
async getAuthorizationResponses() {
const response = await gotScraping.post(
`https://example.com/api/v2/auths/signin`, // Replace with actual auth URL that triggers captcha
{
body: JSON.stringify({
email: "[email protected]",
password:
"e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}),
headers: {
Accept: "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
Origin: "https://example.com", // Replace with actual Origin
Pragma: "no-cache",
Referer: "https://example.com/auth", // Replace with actual Referer
Timezone: "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
Version: "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua":
'"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
source: "web",
},
},
);
if (response.body.includes("requestInfo")) {
console.log("Captcha response received successfully:");
fs.writeFileSync("./baseResponse.txt", response.body);
console.log(response.body.substring(0, 150));
return response.body;
}
console.log(response.body);
return await this.getAuthorizationResponses();
}
async requireAlibabaSolverResponse(captchaMetadataParams) {
let cmReqData = {
type: "CustomTask",
class: "alibaba",
websiteURL: this.websiteUrl,
websiteKey: "customTask",
userAgent: this.userAgent,
};
if (captchaMetadataParams) {
cmReqData.metadata = captchaMetadataParams;
}
const response = await gotScraping.post(
`${this.providerVendorSolverUrl}/createTask`,
{
body: JSON.stringify({ clientKey: this.API_KEY, task: cmReqData }),
headers: {
"Content-Type": "application/json",
},
},
);
let JSON_responseData = JSON.parse(response.body);
if (JSON_responseData.errorId) throw new Error("JSON.TaskId.error");
let taskId = JSON_responseData.taskId;
let responseData;
while (true) {
let cmTaskRes = { clientKey: this.API_KEY, taskId: taskId };
let task_response = await gotScraping.post(
`${this.providerVendorSolverUrl}/getTaskResult`,
{
body: JSON.stringify(cmTaskRes),
headers: {
"Content-Type": "application/json",
},
},
);
let JSON_responseDataTaskResponse = JSON.parse(task_response.body);
if (JSON_responseDataTaskResponse.status !== "processing") {
responseData = JSON_responseDataTaskResponse;
break;
}
await delay(5000);
}
return responseData;
}
async requireParamsCaptchasData(responsesCaptchaPage) {
const JsonData = parse(
responsesCaptchaPage,
':none">var requestInfo = ',
";",
true,
);
// Save authorization parameters for later use in retry login request
this.AuthorizationParams = {
u_atoken: JsonData.token,
u_asig: JsonData.traceid,
};
return {
prefix: "57d98d02303c01e7d2f7814c75224396",
sceneId: JsonData.sceneId,
userId: JsonData.userId,
userUserId: JsonData.userUserId,
verifyType: "1.0",
region: JsonData.region,
UserCertifyId: JsonData.traceid,
apiGetLib: this.AliyunGeneratedDynamicJS,
};
}
}
new Worker().executor();
Show code
import os
import json
import time
import re
import requests
from datetime import datetime
def parse(text, start, end, is_json=True):
start_index = text.find(start)
if start_index == -1:
return None
content_start = start_index + len(start)
end_index = text.find(end, content_start)
if end_index == -1:
return None
extracted = text[content_start:end_index].strip()
extracted = extracted.replace("\n", "").strip()
json_str = re.sub(r"(['\"])?([a-zA-Z0-9_]+)(['\"])?:", r'"\2":', extracted)
json_str = json_str.replace("'", '"')
try:
return json.loads(json_str) if is_json else json_str
except Exception as e:
print("Failed to parse JSON:", str(e))
print("Parse attempt:", json_str)
return None
def build_proxy(proxy_url: str):
"""
Supported formats:
protocol:ip:port
protocol:username:password:ip:port
"""
if not proxy_url:
return None
parts = proxy_url.split(":")
if len(parts) == 3:
protocol, ip, port = parts
proxy_line = f"{protocol}://{ip}:{port}"
return {
"http": proxy_line,
"https": proxy_line,
}
if len(parts) == 5:
protocol, username, password, ip, port = parts
proxy_line = f"{protocol}://{username}:{password}@{ip}:{port}"
return {
"http": proxy_line,
"https": proxy_line,
}
return None
class Worker:
def __init__(self):
self.provider_vendor_solver_url = "https://api.capmonster.cloud"
self.api_key = os.getenv("API_KEY", "YOUR_API_KEY") # Replace with your CapMonster Cloud API key
now = datetime.now()
self.aliyun_generated_dynamic_js = (
# Dynamic captcha JS library URL generation
"https://o.example.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js?"
f"t={now.year}{now.month}{now.day}{now.hour}"
)
self.website_url = "https://example.com/auth" # Replace with captcha page URL
self.user_agent = (
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
"AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/146.0.0.0 Safari/537.36"
)
self.authorization_params = {}
# ===================== PROXY =====================
proxy_url = os.getenv(
"proxyUrl",
"http:username:password:127.0.0.1:9029" # Replace with your proxy or set in .env file
)
self.proxies = build_proxy(proxy_url)
self.session = requests.Session()
# attach proxy to session (IMPORTANT)
if self.proxies:
self.session.proxies.update(self.proxies)
self.headers = {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-US,en;q=0.9",
"Content-Type": "application/json",
"Origin": "https://example.com", # Replace with actual Origin
"Pragma": "no-cache",
"Referer": "https://example.com/auth", # Replace with actual Referer
"Timezone": "Thu Apr 09 2026 23:29:23 GMT+0300",
"User-Agent": self.user_agent,
"Version": "0.2.36",
"X-Request-Id": "2b4a7a52-d273-4049-a826-156aae856fe5",
"bx-v": "2.5.36",
"sec-ch-ua": '"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": '"Windows"',
"source": "web",
}
def executor(self):
print("Fetching captcha parameters....")
captcha_page = self.get_authorization_responses()
print("Captcha pages successfully received")
captcha_params = self.require_params_captchas_data(captcha_page)
print("Captcha parameters:", captcha_params)
solved = self.require_alibaba_solver_response(captcha_params)
print("Captcha solving result:", solved)
final_response = self.send_authorization_request()
print(final_response)
def get_authorization_responses(self):
url = "https://example.com/api/v2/auths/signin" # Replace with actual auth URL that triggers captcha
payload = {
"email": "[email protected]",
"password": "e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}
while True:
response = self.session.post(
url,
headers=self.headers,
data=json.dumps(payload),
)
text = response.text
if "requestInfo" in text:
print("Captcha response successfully received")
with open("baseResponse.txt", "w", encoding="utf-8") as f:
f.write(text)
print(text[:150])
return text
print("no captcha -> retry")
def require_params_captchas_data(self, html):
json_data = parse(html, ':none">var requestInfo = ', ";", True)
# Save authorization parameters for later use in retry login request
self.authorization_params = {
"u_atoken": json_data["token"],
"u_asig": json_data["traceid"],
}
return {
"prefix": "57d98d02303c01e7d2f7814c75224396",
"sceneId": json_data["sceneId"],
"userId": json_data["userId"],
"userUserId": json_data["userUserId"],
"verifyType": "1.0",
"region": json_data["region"],
"UserCertifyId": json_data["traceid"],
"apiGetLib": self.aliyun_generated_dynamic_js,
}
def require_alibaba_solver_response(self, metadata):
task_payload = {
"clientKey": self.api_key,
"task": {
"type": "CustomTask",
"class": "alibaba",
"websiteURL": self.website_url,
"websiteKey": "customTask",
"userAgent": self.user_agent,
"metadata": metadata,
},
}
response = requests.post(
f"{self.provider_vendor_solver_url}/createTask",
json=task_payload,
)
data = response.json()
if data.get("errorId"):
raise Exception("Task creation error")
task_id = data["taskId"]
while True:
result = requests.post(
f"{self.provider_vendor_solver_url}/getTaskResult",
json={"clientKey": self.api_key, "taskId": task_id},
).json()
if result["status"] != "processing":
return result
time.sleep(5)
def send_authorization_request(self):
url = (
"https://example.com/api/v2/auths/signin"
f"?u_atoken={self.authorization_params['u_atoken']}"
f"&u_asig={self.authorization_params['u_asig']}"
"&u_aref=undefined"
)
payload = {
"email": "[email protected]",
"password": "e2577eeb61dc2197dfe94816d731f2941ccd0b66de8dc97aacb377bfe8476970",
}
response = self.session.post(
url,
headers=self.headers,
data=json.dumps(payload),
)
return response.text
if __name__ == "__main__":
Worker().executor()
