How to deal with captcha check with API and Postman?

Question

I use Postman to test an API (The API of brickset.com). Whe calling my https://brickset.com/api/v3.asmx/login?apiKey=xxx&username=xxx&password=xxx I get the HTML page of cloudflare captcha verification. When doing the same GET in my browser (Edge) I had the captcha page the first time then now I get the correct result.

How can I whitelist my IP or whitelist my Postman app or get the cookie or whatever I need to make sure that when I send my request I bypass this robot verification page?

New information

After testing Postman again with my VPN connected to Hong Kong first, then Belgium.

On Hong Kong, where I live, the request response is this captcha page. On Belgium, with VPN, the request response with correct JSON.

What is this? How Can I tell this cloudflare system they can trust my IP ? I'm lucky I have a VPN.

Answer 1

If you own brickset.com, you can definitely whitelist your IP through Cloudflare dashboard; brickset.com > Security > WAF -> Tools, and then add your IP.

Since you mentioned it's an API, you probably want to disable Browser Integrity Check so you don't get captcha on API calls for normal browser calls as well (read more about it here).

Can't say how Cloudflare's captcha or anti-bot works. Multiple factors such as public IP reputation, number of requests, User Agent, ...etc, could trigger the captcha page.