Interstitial / slider / tags

Bypass DataDome Protection with a single API call

Solve interstitial challenges in milliseconds, crack slider captchas automatically, and send tags to boost your datadome trust score, all via simple API calls.

Create account Read the docs
solve_datadome.py
from hyper_sdk import Session, DataDomeInterstitialInput

session = Session(api_key="your-api-key")

# Parse the 403 block, load the device HTML, solve via the API
device_link = session.parse_interstitial_device_check_link(
    html, cookie, referer,
)
device_html = client.get(device_link).text

result = session.generate_interstitial_payload(
    DataDomeInterstitialInput(
        device_link=device_link,
        html=device_html,
        user_agent=user_agent,
        ip=proxy_ip,
        accept_language="en-US,en;q=0.9",
    )
)

# POST the payload back, datadome cookie updated
client.post(device_link, data=result.payload, headers=result.headers)
200 OK · datadome updatedsolved in 9ms
<10ms
Interstitial solving
1B+
Requests served / month
Auto
Updated on every DataDome release
<12h
Engineer support response
Understanding the challenge

What is DataDome protection?

DataDome is a real-time bot-protection layer deployed on retail, classifieds, travel and ticketing sites. It fingerprints every visitor, scores their behavior, and throws interstitials or slider captchas the moment trust drops.

Why it's hard to bypass

DataDome layers a JavaScript challenge, a visual captcha and continuous behavioral scoring. Each challenge type needs a different solving approach, and a headless browser betrays itself across all of them at once.

Our API reproduces the right signal for each: fingerprint payload, slider position or trust tag, from a single HTTP call, no browser required.

Protection mechanisms

403 interstitial fingerprinting

DataDome serves a 403 page with a JavaScript challenge that fingerprints canvas, WebGL, timing and navigator entropy.

Slider captcha

A visual puzzle asks for a piece to be dragged to the matching gap. It needs accurate image analysis, not a random offset.

Session scoring

Behavioral signals are scored across requests. A low trust score escalates you straight into challenges.

IP reputation

Known datacenter and proxy ranges are penalized on sight, regardless of how clean your payload is.

The traditional approach

Headless browsers & Puppeteer

Spin up a full browser per challenge, slow and memory-hungry
Re-solve the slider captcha visually on every block
Behavioral scoring flags automation frameworks at scale
Breaks whenever DataDome ships a new challenge build
VS
The Hyper Solutions approach

One unified API call

Sub-10ms interstitial solving over plain HTTP
Automatic slider puzzle recognition, no vision pipeline
Tags telemetry to raise trust and prevent blocks proactively
Auto-updated by our team on every DataDome release
Full coverage

Every DataDome challenge, one API

Select a challenge type to see what it is, when it fires, and exactly how we resolve it.

Interstitial Challenge

Reactive
POST /interstitial
403 blocked 200 OK
What it is

A 403 interstitial page carrying a JavaScript device-fingerprint challenge. DataDome expects an encrypted payload that proves a real browser ran the script before it issues a valid datadome cookie.

When it is triggered

Served the moment a session looks automated, usually the first request from a fresh or low-trust client.

How our API solves it

Parse the block page for the device-check link, request that link to collect the device HTML, then send both the HTML and the link to the API with user-agent, IP and accept-language. We return the payload and headers; POST them back to the device URL and DataDome refreshes your datadome cookie.

interstitial.py
device_link = session.parse_interstitial_device_check_link(
    html, cookie, referer,
)
device_html = client.get(device_link).text

result = session.generate_interstitial_payload(
    DataDomeInterstitialInput(
        device_link=device_link,
        html=device_html,
        user_agent=user_agent,
        ip=proxy_ip,
        accept_language="en-US,en;q=0.9",
    ),
)
client.post(device_link, data=result.payload, headers=result.headers)
Returns
payloadheaders
The workflow

How the bypass works

Detect the block, parse the device-check link, fetch the device HTML, solve through the API, then POST the payload back to DataDome. Most developers integrate in under 30 minutes.

01

Detect the 403 block

Catch the interstitial response and parse the HTML for the device-check link and challenge parameters.

GET target -> 403 interstitial
02

Extract the device link

Pull the encrypted device-check URL DataDome embedded, then request it to load the device HTML.

session.parse_interstitial_device_check_link(...)
03

Solve via our API

Send the device HTML, deviceLink, userAgent, ip and acceptLanguage to the API. It returns the payload and headers in under 10ms.

session.generate_interstitial_payload(...)
04

Submit and continue

POST the payload back to the device URL with the returned headers. DataDome updates your datadome cookie and protected routes open up.

POST payload -> datadome updated
request timeline · datadome cookie validation
you->GET https://www.target.com/account
site<-403 interstitial · datadome cookie low trust
you->parse device-check link from 403 HTML
you->GET deviceLink to load challenge HTML
site<-200 device HTML + challenge script ref
you->POST Hyper API · /interstitial html + deviceLink + userAgent + ip + acceptLanguage
hyper<-200 · payload + headers · 9ms
1 · new API round trip · <10ms
you->POST payload to /interstitial/
site<-200 Set-Cookie: datadome=... trusted
you->GET protected route with refreshed datadome
site<-200 OK request allowed
Full walkthrough with code in every SDK -> examples repo
The case for an API

API vs browser automation

Headless browsers can technically clear DataDome until the next challenge build, or until behavioral scoring catches the framework. Here's how a managed API compares on the metrics teams actually feel.

Metric
Hyper Solutions
Puppeteer / Playwright
Interstitial solve
<10ms
2-9 seconds
Slider captcha
<10ms
3-8 seconds
Memory usage
<1 MB per call
200-500 MB per session
Maintenance
Zero, auto-updated by our team
Breaks on every DataDome build
Success rate
High and consistent
Variable, drops at scale
Scalability
Millions of solves, horizontally
Hundreds of concurrent solves
* Performance comparison based on real-world testing of airline award availability scraping. Browser automation metrics include full page loads with all resources. Results may vary based on target website, network conditions, and implementation.
Pricing

Pay for requests, not browsers

One account covers Akamai, Kasada, DataDome and Incapsula. Start self-serve, then move to a monthly bundle for a lower per-request rate. Every challenge type is included on every plan.

Pay as you go

Self-serve. Top up a balance and pay only for the requests you generate.

€3/ 1k requests
flat rate · every DataDome challengeStart free trial
All four products and every challenge type
Interstitial, slider and tags included
Auto-updated against every DataDome release
Sub-10ms interstitial solving
Community Discord support
Integration support not included
Most popular
Subscription

A monthly request bundle with the best per-request rate. Pick the volume that fits.

350/ month · 250K requests
about €0.0014 per requestCreate account
Everything in pay as you go, plus
250K requests / month included
Lower per-request rate at higher volume
Direct support from the engineers
Migration help from your old stack
Enterprise

Committed-use volume pricing with a direct line to the founding team.

Custom
Let's talk volumeTalk to the team
Volume and committed-use pricing
Contractual SLAs, open to your terms
Mutual NDA (MNDA) standard
Dedicated Slack channel with our team
Auto-updated against every DataDome release
Integration support is included with every Subscription and Enterprise plan, and pay-as-you-go is self-serve. Need more than 1M requests a month? Talk to sales.
Deep dive

Outputs & example payloads

What the API returns, what DataDome sets, and exactly what an interstitial or slider request and response look like on the wire.

Fields and where they come from
userAgentyou provide

The exact browser user-agent used on the blocked request and the follow-up payload POST.

deviceLinkparsed

Encrypted device-check URL parsed from the 403 interstitial block page. Include it with the HTML you submit.

htmlyou provide

HTML loaded from the device link. The API uses this challenge document to build the payload.

ipyou provide

The egress IP the payload is generated for. It must match the IP your target request exits from.

acceptLanguageyou provide

The Accept-Language header from the same session, kept consistent across the flow.

payloadAPI output

Payload you POST back to the device URL with the returned headers so DataDome refreshes the datadome cookie.

POST https://datadome.hypersolutions.co/interstitial

{
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
  "deviceLink": "https://geo.captcha-delivery.com/...",
  "html": "<!doctype html>...",
  "ip": "203.0.113.10",
  "acceptLanguage": "en-US,en;q=0.9"
}
SDKs

In your language.

MIT-licensed, on npm / PyPI / GitHub. Interstitial parsing, slider solving, tags payloads, and cookie validation in every SDK, or skip them and hit the HTTP API directly.

Nodenpm i hyper-sdk-js
Pythonpip install hyper-sdk
Gogo get github.com/Hyper-Solutions/hyper-sdk-go/v2
Read the docs
FAQ

DataDome bypass questions

Anything not covered here, including whether your exact target is supported, gets a faster answer in Discord than anywhere else.

Ask in Discord
After you POST the generated payload with the returned headers to the device link, DataDome issues a refreshed datadome cookie. Your next request to a protected route returns 200 instead of a 403 interstitial.
The interstitial is a 403 JavaScript challenge that fingerprints the device. The slider captcha is a visual puzzle escalated when the interstitial is not enough; it needs image analysis to find the exact gap position.
Tags are telemetry events DataDome posts to its /js/ collector to score your session. Sending well-formed tags proactively raises trust, so interstitials and captchas fire less often.
The DDK is static per site. Inspect network traffic to the /js/ endpoints once, where the jsKey is passed, then reuse it for that target.
Yes. The API targets DataDome itself rather than any single site, so it works across retail, classifieds, travel and ticketing targets. New DataDome builds are covered automatically by our update pipeline.
Usual culprits are an IP mismatch, a rotated user-agent, or a low trust score you never raised with tags. Match IP and UA, send tags proactively, and the blocks clear.

Ready to bypass DataDome protection?

Drop in an official SDK and solve your first challenge in minutes. Pay-as-you-go to start, with subscription bundles when you scale.

Create account Read the docs
self-serve · pay per call · no minimums