Download the api client based example codes:

New Turnstile API support

What are "Cloudflare Turnstyle" challenges?

Is a captha made by Cloudflare. They`re challenges that typically require the user to align and click on certain images.

For your convenience, we implemented support for Turnstile API. If your software works with it, and supports minimal configuration, you should be able to decode Turnstile using Death By Captcha in no time.

  • Turnstile API: Provided a site url and Turnstile site key, the API returns a token that you will use to submit the form in the page with the Turnstile challenge.


For the time being, price is $2.89/1K Turnstile challenges correctly solved. You will not be billed for Turnstile reported as incorrectly solved. Note that this pricing applies to new Turnstile challenges only, so only customers using this specific API will be charged said rate.

Turnstile API FAQ:

What`s the Turnstile API URL?

To use the Turnstile API you will have to send a HTTP POST Request to

What are the POST parameters for the Turnstile API?

  • username: Your DBC account username
  • password: Your DBC account password
  • type=12: Type 12 specifies this is a Turnstile API
  • turnstile_params=json(payload): the data to access the turnstile challenge
  • json payload structure:
    • proxy: your proxy url and credentials (if any).Examples:
    • proxytype: your proxy connection protocol. For supported proxy types refer to Which proxy types are supported?. Example:
      • HTTP
    • sitekey: the turnstile site key of the website with the turnstile.


      • 0x4AAAAAAAGlwMzq_9z6S9Mh

      You need to locate site key of Turnstile. You can locate turnstile`s div element and check the value of data-sitekey parameter or inside sitekey property in JavaScript code. Also the sitekey can be found in the URL of the captcha`s iframe.

    • pageurl: the url of the page with the Turnstile challenges. This url has to include the path in which the Turnstile is loaded. Example: if the Turnstile you want to solve is in, pageurl has to be and not
    • action (optional): Value of optional action parameter you found on page, can be defined in data-action attribute or passed to turnstile.render call.

    The proxy parameter is optional, but we strongly recommend to use one to prevent rejection by the provided page due to inconsistencies between the IP that solved the captcha (ours if no proxy is provided) and the IP that submitted the solution for verification (yours).

    Note: if proxy is provided, proxytype is a required parameter.

    Full example of turnstile_params:

        'proxy': 'http://user:[email protected]:1234',
        'proxytype': 'HTTP',
        'sitekey': '0x4AAAAAAAGlwMzq_9z6S9Mh',
        'pageurl': ''

    Full example of turnstile_params with optional parameter action:

        'proxy': 'http://user:[email protected]:1234',
        'proxytype': 'HTTP',
        'sitekey': '0x4AAAAAAAGlwMzq_9z6S9Mh',
        'pageurl': '',
        'action': 'action'

What`s the response from the Turnstile API?

The Turnstile API response has the following structure. It`s valid for one use and has a 2 minute lifespan. It will be a string like the following:


Use the token returned in your interaction with the target website. Normally the token is sent through the input with name="cf-turnstile-response" or when reCAPTCHA compatibility mode is enabled, also in input with name="g-recaptcha-response". Also the token can be processed by a callback function defined in turnstile.render call or inside data-callback attribute.

Which proxy types are supported?

Currently, only HTTP proxies are supported. Support for other types will be added in the future.

Using Turnstile API with api clients:

     * Death by Captcha PHP API turnstile usage example
     * @package DBCAPI
     * @subpackage PHP

     * DBC API clients
    require_once '../deathbycaptcha.php';

    $username = "username";  // DBC account username
    $password = "password";  // DBC account password
    $token_from_panel = "your-token-from-panel";  // DBC account authtoken

    // Use DeathByCaptcha_SocketClient() class if you want to use SOCKET API.
    $client = new DeathByCaptcha_HttpClient($username, $password);
    $client->is_verbose = true;

    // To use token the first parameter must be authtoken.
    // $client = new DeathByCaptcha_HttpClient("authtoken", $token_from_panel);

    echo "Your balance is {$client->balance} US cents\n";

    // Set the proxy and turnstile token data
    $data = array(
        'proxy' => 'http://user:[email protected]:1234',
        'proxytype' => 'HTTP',
        'sitekey' => '0x4AAAAAAAGlwMzq_9z6S9Mh',
        'pageurl' => ''
    //Create a json string
    $json = json_encode($data);

    //Put the type and the json payload
    $extra = [
        'type' => 12,
        'turnstile_params' => $json,

    // Put null the first parameter and add the extra payload
    if ($captcha = $client->decode(null, $extra)) {
        echo "CAPTCHA {$captcha['captcha']} uploaded\n";


        // Poll for CAPTCHA indexes:
        if ($text = $client->get_text($captcha['captcha'])) {
            echo "CAPTCHA {$captcha['captcha']} solved: {$text}\n";

            // Report an incorrectly solved CAPTCHA.
            // Make sure the CAPTCHA was in fact incorrectly solved!

    # turnstile
    import deathbycaptcha
    import json

    # Put your DBC account username and password here.
    username = "username"
    password = "password"

    # you can use authtoken instead of user/password combination
    # activate and get the authtoken from DBC users panel
    authtoken = "authtoken"

    # to use socket client
    # client = deathbycaptcha.SocketClient(username, password)

    # to use authtoken
    # client = deathbycaptcha.SocketClient(username, password, authtoken)

    client = deathbycaptcha.HttpClient(username, password)

    # Put the proxy and turnstile data
    Captcha_dict = {
        'proxy': 'http://user:[email protected]:1234',
        'proxytype': 'HTTP',
        'sitekey': '0x4AAAAAAAGlwMzq_9z6S9Mh',
        'pageurl': ''

    # Create a json string
    json_Captcha = json.dumps(Captcha_dict)

        balance = client.get_balance()

        # Put your CAPTCHA type and Json payload here:
        captcha = client.decode(type=12, turnstile_params=json_Captcha)
        if captcha:
            # The CAPTCHA was solved; captcha["captcha"] item holds its
            # numeric ID, and captcha["text"] its text token solution.
            print("CAPTCHA %s solved: %s" % (captcha["captcha"], captcha["text"]))

            if '':  # check if the CAPTCHA was incorrectly solved

    except deathbycaptcha.AccessDeniedException:
        # Access to DBC API denied, check your credentials and/or balance
        print("error: Access to DBC API denied, check your credentials and/or balance")


    import com.DeathByCaptcha.AccessDeniedException;
    import com.DeathByCaptcha.Client;
    import com.DeathByCaptcha.HttpClient;
    import com.DeathByCaptcha.SocketClient;
    import com.DeathByCaptcha.Captcha;
    import org.json.JSONObject;


    class ExampleTurnstile {
        public static void main(String[] args)
                throws Exception {

            // Put your DBC username & password or authtoken here:
            String username = "your_username_here";
            String password = "your_password_here";
            String authtoken = "your_authtoken_here";

            /* Death By Captcha Socket Client
               Client client = (Client) (new SocketClient(username, password));
               Death By Captcha http Client */
            Client client = (Client) (new HttpClient(username, password));
            client.isVerbose = true;

            /* Using authtoken
               Client client = (Client) new HttpClient(authtoken); */

            try {
                try {
                    System.out.println("Your balance is " + client.getBalance()
                                                          + " US cents");
                } catch (IOException e) {
                    System.out.println("Failed fetching balance: " + e.toString());

                Captcha captcha = null;
                try {
                    // Proxy and turnstile data
                    String proxy = "http://user:[email protected]:1234";
                    String proxytype = "http";
                    String sitekey = "0x4AAAAAAAGlwMzq_9z6S9Mh";
                    String pageurl = "";
                    /* Upload a turnstile and poll for its status with 120 seconds timeout.
                       Put your proxy, proxy type, page sitekey, page url and solving
                       timeout (in seconds) 0 or nothing for the default timeout value. */
                    captcha = client.decode(12, proxy, proxytype, sitekey, pageurl);

                    //other method is to send a json with the parameters
                    JSONObject json_params = new JSONObject();
                    json_params.put("proxy", proxy);
                    json_params.put("proxytype", proxytype);
                    json_params.put("sitekey", sitekey);
                    json_params.put("pageurl", pageurl);
                    captcha = client.decode(12, json_params);
                } catch (IOException e) {
                    System.out.println("Failed uploading CAPTCHA");
                if (null != captcha) {
                    System.out.println("CAPTCHA " + + " solved: "
                                                               + captcha.text);

                    /* Report incorrectly solved CAPTCHA if necessary.
                       Make sure you've checked if the CAPTCHA was in fact incorrectly
                       solved, or else you might get banned as abuser. */
                    /*try {
                        if ( {
                            System.out.println("Reported as incorrectly solved");
                        } else {
                                "Failed reporting incorrectly solved CAPTCHA");
                    } catch (IOException e) {
                           "Failed reporting incorrectly solved CAPTCHA:" + e.toString());
                } else {
                    System.out.println("Failed solving CAPTCHA");
            } catch (com.DeathByCaptcha.Exception e) {



    // turnstile

    using System;
    using System.Collections;
    using DeathByCaptcha;

    namespace DBC_Examples.examples
        public class Turnstile Example
            public void Main()
                // Put your DeathByCaptcha account username and password here.
                string username = "your username";
                string password = "your password";
                // string token_from_panel = "your-token-from-panel";

                /* Death By Captcha Socket Client
                   Client client = (Client) new SocketClient(username, password);
                   Death By Captcha http Client */
                Client client = (Client) new HttpClient(username, password);

                /* To use token authentication the first parameter must
                be "authtoken".
                Client client = (Client) new HttpClient("authtoken",
                                                        token_from_panel); */

                // Put your Proxy credentials and type here
                string proxy = "http://user:[email protected]:1234";
                string proxyType = "HTTP";
                string sitekey = "0x4AAAAAAAGlwMzq_9z6S9Mh";
                string pageurl = "";

                string turnstileParams = "{\"proxy\": \"" + proxy + "\"," +
                                        "\"proxytype\": \"" + proxyType + "\"," +
                                        "\"sitekey\": \"" + sitekey + "\"," +
                                        "\"pageurl\": \"" + pageurl + "\"}";
                    double balance = client.GetBalance();

                    /* Upload a CAPTCHA and poll for its status. Put the Turnstile
                       Json payload, CAPTCHA type and desired solving timeout
                       (in seconds) here. If solved, you'll receive a
                       DeathByCaptcha.Captcha object. */
                    Captcha captcha = client.Decode(Client.DefaultTimeout,
                        new Hashtable()
                            {"type", 12},
                            {"turnstile_params", turnstileParams}

                    if (null != captcha)
                        /* The CAPTCHA was solved; captcha.Id property holds
                        its numeric ID, and captcha.Text holds its text. */
                        Console.WriteLine("CAPTCHA {0} solved: {1}",
                            captcha.Id, captcha.Text);

    //                  if ( /* check if the CAPTCHA was incorrectly solved */)
    //                  {
    //                      client.Report(captcha);
    //                  }
                catch (AccessDeniedException e)
                    /* Access to DBC API denied,
                                check your credentials and/or balance */
                    Console.WriteLine("<<< catch : " + e.ToString());


    Imports DeathByCaptcha

    Public Class Turnstile
        Sub Main(args As String())

            ' Put your DBC username & password or authtoken here:
            Dim username = "username"
            Dim password = "password"
            Dim token_from_panel = "your-token-from-panel"

            ' DBC Socket API client
            ' Dim client As New SocketClient(username, password)
            ' DBC HTTP API client
            Dim client As New HttpClient(username, password)

            ' To use token auth the first parameter must be "authtoken"
            ' Dim client As New HttpClient("authtoken", token_from_panel)

            ' Proxy and turnstile data
            Dim proxy = "http://user:[email protected]:1234"
            Dim proxyType = "HTTP"
            Dim sitekey = "0x4AAAAAAAGlwMzq_9z6S9Mh"
            Dim pageurl = ""

            Console.WriteLine(String.Format("Your balance is {0,2:f} US cents",

            ' Create a JSON with the extra data
            Dim turnstileParams = "{""proxy"": """ + proxy + """," +
                                 """proxytype"": """ + proxyType + """," +
                                 """sitekey"": """ + sitekey + """," +
                                 """pageurl"": """ + pageurl + """}"

            ' Create the payload with the type and the extra data
            Dim extraData As New Hashtable()
            extraData.Add("type", 12)
            extraData.Add("turnstile_params", turnstileParams)

            ' Upload a CAPTCHA and poll for its status.  Put the Turnstile
            ' Json payload, CAPTCHA type and desired solving timeout (in seconds)
            ' here. If solved, you'll receive a DeathByCaptcha.Captcha object.
            Dim captcha As Captcha = client.Decode(
                                    DeathByCaptcha.Client.DefaultTimeout, extraData)
            If captcha IsNot Nothing Then
                Console.WriteLine(String.Format("CAPTCHA {0:d} solved: {1}",
                                                captcha.Id, captcha.Text))

                ' Report an incorrectly solved CAPTCHA.
                ' Make sure the CAPTCHA was in fact incorrectly solved, do not
                ' just report it at random, or you might be banned as abuser.
                ' If client.Report(captcha) Then
                '    Console.WriteLine("Reported as incorrectly solved")
                ' Else
                '    Console.WriteLine("Failed reporting as incorrectly solved")
                ' End If
            End If
        End Sub

    * Death by Captcha Node.js API turnstile usage example

    const dbc = require('../deathbycaptcha');

    const username = 'username';     // DBC account username
    const password = 'password';     // DBC account password
    const token_from_panel = 'your-token-from-panel';   // DBC account authtoken

    // Proxy and turnstile token data
    const turnstile_params = JSON.stringify({
        'proxy': 'http://username:[email protected]:3128',
        'proxytype': 'HTTP',
        'sitekey': '0x4AAAAAAAGlwMzq_9z6S9Mh',
        'pageurl': ''

    // Death By Captcha Socket Client
    // const client = new dbc.SocketClient(username, password);
    // Death By Captcha http Client
    const client = new dbc.HttpClient(username, password);

    // To use token authentication the first parameter must be "authtoken"
    // const client = new dbc.HttpClient("authtoken", token_from_panel);

    // Get user balance
    client.get_balance((balance) => {

    // Solve captcha with type 12 & turnstile_params extra arguments
    client.decode({extra: {type: 12, turnstile_params: turnstile_params}},
       (captcha) => {

        if (captcha) {
            console.log('Captcha ' + captcha['captcha'] + ' solved: '
                                                    + captcha['text']);

            * Report an incorrectly solved CAPTCHA.
            * Make sure the CAPTCHA was in fact incorrectly solved!
            *['captcha'], (result) => {
            *   console.log('Report status: ' + result);
            * });


Status: OK

Servers are fully operational with faster than average response time.
  • Average solving time
  • 3 seconds - Normal CAPTCHAs (1 min. ago)
  • 28 seconds - reCAPTCHA V2, V3, etc (1 min. ago)
  • 19 seconds - hCAPTCHA & others (1 min. ago)
Chrome and Firefox logos
Browser extensions available


  1. Apr 26: RESOLVED - The website (the API remained/remains fully functional) was sporadically inaccessible due to network issues on April 25th & 26th. This situation was fully resolved and everything is back to 100%.
  2. Feb 26: NEW TYPE ADDED - Now supporting Friendly CAPTCHA!! See the details at
  3. Nov 22: Now supporting Amazon WAF!! See the details at

  4. Previous updates…


Our system is designed to be completely user-friendly and easy-to-use. Should you have any trouble with it, simply email us at DBC technical support emailcom, and a support agent will get back to you as soon as possible.

Live Support

Available Monday to Friday (10am to 4pm EST) Live support image. Link to live support page