Platform

One API for
every bot wall.

Send a URL, get back the exact token the protection checks: an Akamai _abck, an SBSD or Sec-CPT answer, a BMP mobile sensor, or a Kasada x-kpsdk-*. One key across all of it. Managed browsers and full scraping workflows are next.

Get startedRead the docs
quickstart.sh
bash
# Generate sensor data, post it back, hold a valid _abck
curl -s https://web.roolink.io/api/v1/sensor \
  -H "x-api-key: $ROOLINK_KEY" \
  -H "content-type: application/json" \
  -d '{ "url": "https://example.com",
        "userAgent": "..." }'

# Attach the cookie and call the real endpoint.

Products

The platform, product by product.

Each product targets a specific bot-management vendor. They share one API key, one billing balance, and one integration model.

Akamai Web

Available

Full _abck lifecycle for protected web endpoints.

  • _abck cookie generation
  • SBSD challenge solving
  • Sec-CPT proof-of-work
  • Pixel challenge support
  • Go, JS, and Python SDKs
View product

Akamai BMP

Available

Mobile sensor data for iOS and Android apps.

  • Full iOS support
  • Full Android (APK) support
  • x-acf-sensor-data generation
  • Per-device sensor generation
  • Single API key with Web
View product

Kasada

Beta

Kasada CT and CD payload generation.

  • x-kpsdk-ct payload generation
  • x-kpsdk-cd proof-of-work
  • ips.js script ingestion
  • Request-based integration
  • Onboarding via review
View product

On the roadmap

CloudflareDataDomeIncapsula (Imperva)
Need one of these now? Talk to us

Beyond sensors·Sensor APIs are step one. Managed browsers and end-to-end scraping workflows are next, so the whole pipeline runs on one platform. Start with the API now or grow into the rest.

How it works

Three steps, no browser in the loop.

The same request lifecycle applies across products. You control the HTTP client and proxy; Roolink owns only the anti-bot payload.

01

Fetch

Your client requests the protected page and collects the bootstrap cookies (bm_sz, _abck, bm_o).

02

Generate

Call the sensor, SBSD, or Sec-CPT endpoint. Roolink returns the exact payload the protection expects.

03

Attach

Post the payload, collect a valid session cookie, and drive the real endpoint as plain HTTP.

Integration surface

One key. REST or our SDKs.

Authenticate with an x-api-key header and call versioned endpoints from any language. The official Go, JS, and Python SDKs (github.com/roolinkio) wrap sensor, SBSD, and Sec-CPT generation for production throughput.

  • One key for Akamai Web, Akamai BMP, and Kasada
  • Bring your own proxy and HTTP client
  • Versioned REST endpoints (/api/v1)
main.go
go
import "github.com/roolinkio/roolink-go"

client := roolink.NewClient(apiKey)

sensor, _ := client.GenerateWebSensor(ctx, roolink.WebSensorRequest{
    URL:       "https://example.com",
    UserAgent: ua,
    Abck:      cookies.Abck,
    BmSz:      cookies.BmSz,
    ScriptURL: scriptURL,
    Language:  "en-US",
})
// POST sensor.Sensor back, then drive the real endpoint.

Responsible access

Reviewed by design.

Every account goes through a manual use-case review. We work with legitimate businesses, researchers, and developers, and we would rather lose business than enable abuse.

100%

user verification

Manual

use-case review

Ethical

business practices

Ready to ship?

Create an account, verify your use case, and you'll have an API key in minutes.

Get startedView pricing