SBSD stands for Score-Based Sensor Detection — Akamai's variant of Bot Manager that computes a numeric behavior score (0-100) from sensor data and gates access on the score. The bm_sc and bm_so cookies carry the score and session state. A low score blocks the request even when _abck looks valid.

What are the bm_sc and bm_so cookies?

bm_sc is the SBSD sensor cookie that encodes the computed score plus session metadata. bm_so is the session-origin token that binds the cookie to its solving context. Both must be present and aligned — sending bm_sc without a matching bm_so, or from a different IP, results in a fresh challenge.

How is SBSD different from standard Akamai _abck?

Standard Akamai uses _abck as a binary pass/fail token (marker ~-1~ passes, ~0~ fails). SBSD uses bm_sc/bm_so to carry a continuous score, and Akamai's WAF rules can permit borderline scores on low-risk endpoints while blocking the same score on checkout. SBSD requires a different sensor flow than the classic _abck endpoint.

How do I solve an SBSD challenge via API?

POST to https://api.meshprivacy.com/v1/tasks/submit with service: 'sbsd', the target url, optionally the script_url to the SBSD JavaScript and http_method (GET or POST), your proxy_config and user_agent. Poll /v1/tasks/result/{task_id} for 5-15 seconds and attach the returned cookies.bm_sc and cookies.bm_so to downstream requests.

How fast does MeshPrivacy generate bm_sc cookies?

SBSD solves typically take 5-15 seconds because the sensor flow runs more behavioral collection than standard _abck. Upstream timeout is 120 seconds. We do not advertise sub-second numbers — score-based detection requires real signal accumulation that cannot be shortcut.

How much does Akamai SBSD solving cost?

Pricing is per-credit at 1 USD = 1,000 credits. Credit cost per request varies per service and may change — see meshprivacy.com/pricing for current rates. New accounts get 20 free credits with no credit card required.

Should I use SBSD or the standard Akamai endpoint?

Inspect the target page source. If it loads /akam/13/script.js (or any /akam/ / path) and sets bm_sc/bm_so cookies, use service: 'sbsd'. If it loads /sensor.js and sets _abck plus bm_sz, use service: 'akamai'. Some sites layer both — solve the layer that the failing endpoint actually checks.

Looking for the standard Akamai _abck flow? See /docs/akamai. SBSD is the score-based variant.

Resolving Akamai SBSD Challenges

Akamai SBSD (Score-Based Sensor Detection) computes a behavior score from sensor data and gates access on it. When the score is too low or sensor cookies are missing/invalid, the protected URL returns a challenge and refuses to serve content. MeshPrivacy executes the SBSD sensor flow server-side and returns valid bm_sc/bm_so cookies.

Service Schema

Field	Type	Required	Description
`url`	string	Yes	Target URL that triggers the SBSD challenge
`script_url`	string	No	SBSD script URL
`http_method`	string	No	HTTP method (`GET`/`POST`)
`proxy_config`	string	No	Proxy in `http://user:pass@ip:port` format
`user_agent`	string	No	Custom user agent

Service ID: sbsd · Status: Stable

Real-time API status: trust.meshprivacy.com

Returned Cookies

bm_sc — Behavior score cookie

bm_so — Score originator

_abck — Akamai bot detection token (often returned alongside)

All score cookies are session-bound and tied to the proxy IP used during solving.

Integration Example

sbsd.js

// Submit Akamai SBSD task to MeshPrivacy
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'X-API-Key': API_KEY },
  body: JSON.stringify({
    service: 'sbsd',
    url: 'https://target-site.com/',                          // required
    script_url: 'https://target-site.com/akam/13/script.js',  // optional
    http_method: 'GET',                                       // optional - GET or POST
    proxy_config: 'http://user:pass@ip:port',                 // optional
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)...'// optional
  })
});
const { task_id } = await response.json();

const result = await fetch(`https://api.meshprivacy.com/v1/tasks/result/${task_id}`, {
  headers: { 'X-API-Key': API_KEY }
});
const { cookies } = await result.json();
// Use cookies.bm_sc / cookies.bm_so in downstream requests

FAQ

_abck is a binary challenge (pass/fail). SBSD computes a continuous score and serves content only above a threshold. Sites often run both — solve _abck via akamai and SBSD via sbsd.

Related Services

Akamai _abck|SecCPT|DataDome|PerimeterX