Cloudflare Bypass API — Free & Open

Solve Cloudflare
Challenges Instantly

Turnstile tokens and UAM cookies through a single POST request. No API keys, no sign-ups. Just send a URL and get the solution back.

Read the Docs Live Stats
Core Features

What SOLVER Does

Sub-2s Solve Times

Browser workers stay warm in a persistent pool. Your request lands on an already-running Chromium instance — no cold start, no boot delay. Average Turnstile solve sits around 1.4 seconds.

Self-Healing Workers

When a browser tab crashes or leaks memory, the pool kills it and spawns a replacement automatically. Xvfb keeps the virtual display alive. Systemd restarts the process if it dies.

Two Endpoints Only

/api/solve for Turnstile tokens. /api/solve/uam for Under Attack Mode cookies. POST JSON, get JSON. Works with curl, Python requests, Node fetch, or any HTTP client.

Residential IP
No Proxies
99.9%
Uptime
Zero
Auth Required
Free
Forever
Integration Guide

How to Use It

Three steps. No auth headers, no OAuth, no SDK. Just POST and read the response.

Send the request

POST to /api/solve with {"url": "...", "sitekey": "..."}. For UAM, hit /api/solve/uam with just the URL. Content-Type: application/json.

Engine processes

The solver picks a browser worker, navigates to your target, detects the challenge type, and interacts with it via Chrome DevTools Protocol. Cursor movement is randomized to look human.

Read the response

JSON response contains the solved token (Turnstile) or cf_clearance cookies (UAM), plus timing breakdowns for every stage of the solve pipeline.

Response 
// Turnstile response from /api/solve
{
  "token": "0.abc123def456...",
  "boot_ms": 320,      // worker boot
  "nav_ms": 450,       // page navigation
  "detect_ms": 120,    // challenge detection
  "hit_count": 3,      // clicks simulated
  "cf_delay_ms": 80,   // cloudflare processing
  "solve_ms": 1420     // total wall time
}
Endpoint Method Body Returns
/api/solve POST url + sitekey Turnstile token + timing
/api/solve/uam POST url only cf_clearance cookies + timing
/api/healthz GET Service health status
/ws WebSocket Live stats stream
solve_turnstile.sh 
curl -s -X POST "https://cf.ourin.eu.cc/api/solve" \
  -H "Content-Type: application/json" \
  --data '{
    "url": "https://target.example/",
    "sitekey": "0x4AAAAAAA..."
  }'
solve_uam.sh 
curl -s -X POST "https://cf.ourin.eu.cc/api/solve/uam" \
  -H "Content-Type: application/json" \
  --data '{
    "url": "https://protected-site.example/"
  }'
solve.py 
import requests

resp = requests.post("https://cf.ourin.eu.cc/api/solve", json={
    "url": "https://target.example/",
    "sitekey": "0x4AAAAAAA..."
})
data = resp.json()
print(data["token"])
solve.mjs 
const resp = await fetch("https://cf.ourin.eu.cc/api/solve", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    url: "https://target.example/",
    sitekey: "0x4AAAAAAA..."
  })
});
const { token } = await resp.json();
Live Monitoring

System Stats

Total Solved
Success Rate
Avg. Runtime

Rate Limits Apply

The GCRA algorithm allows 10 requests per 3-second window per endpoint. Exceed that and you get a 429 with a Retry-After header. Persistent abuse triggers temporary IP suspension. Keep your request pace steady and you'll never hit the wall.

FAQ

Common Questions

Is it really free?

Yes. No account, no API key, no credit card. Infrastructure is community-funded. There's a donate button if you want to chip in, but it's completely optional.

What are the rate limits?

10 requests per 3-second window per endpoint. The system auto-tunes concurrency based on available browser workers, so the pool never overflows into unbounded queue times.

How does solving work?

Headless Chromium connects via Chrome DevTools Protocol. The engine waits for Cloudflare's challenge iframe, simulates realistic mouse movement toward the checkbox, clicks it, and extracts the token or cookies from the page context.

Turnstile vs UAM?

Turnstile (/api/solve) needs a sitekey and returns a validation token. UAM (/api/solve/uam) only needs the URL and returns cf_clearance cookies you can use to access the protected page directly.

Do you use proxies?

No. The server connects directly from a residential IP. This gives the lowest latency and highest trust score from Cloudflare — proxy chains and datacenter IPs are exactly what CF flags.

Can I self-host?

Yes, it's fully open-source. You need a Linux VPS with Chromium, Xvfb, Go 1.26+, and systemd. The deploy script handles everything — dependency installation, compilation, service setup, and firewall config.

Support

Keep SOLVER Running

Server costs, bandwidth, and browser infrastructure add up. If this tool saves you time, consider donating. Every contribution keeps the service free for everyone.

Donate