Unsupported Targets
AlterLab handles the vast majority of websites through its 5-tier auto-escalation system. However, some targets are fundamentally inaccessible to any scraping API. This guide explains what those targets are, how to identify them, and how to find working alternatives.
Not a Limitation of AlterLab
Classes of Unsupported Targets
There are three broad categories of targets that will consistently fail regardless of which scraping tier is used.
1. Dead or Deprecated API Endpoints
Some API endpoints that were once publicly accessible have been permanently shut down by their operators. These endpoints return connection errors, empty responses, or generic error pages because the server-side infrastructure no longer exists.
Common examples include legacy social media API endpoints that were deprecated when platforms moved to authenticated-only access models. The endpoint URL may still resolve via DNS, but the backend returns no usable data.
How to recognize this: Requests consistently return status 0 (connection refused), HTTP 404, or a generic platform error page across all tiers. The same URL will fail with any scraping tool or even a direct browser visit.
2. Authentication-Gated Resources
Endpoints that require an active user session (login cookies, OAuth tokens, or session JWTs) cannot be scraped without valid credentials. AlterLab does not inject user credentials or maintain authenticated sessions on your behalf for third-party services.
This includes private dashboards, account settings pages, logged-in-only content feeds, and API endpoints that require Bearer tokens issued through an OAuth flow.
Authenticated Scraping Guide
How to recognize this: Requests return HTTP 401 or 403, or the response body contains a login form or "please sign in" message. The page may render partially but the target data is absent.
3. Per-Request Signed Token APIs
Some API endpoints embed cryptographic signatures (HMAC, nonces, or one-time tokens) into every request. These tokens are generated client-side using JavaScript and are validated server-side before returning data. Each token is bound to a specific timestamp, user session, or request body — making replicated requests invalid.
Even with full JavaScript rendering (Tier 4), the signing logic may depend on session state, device fingerprints, or server-issued seeds that are not available in a scraping context.
How to recognize this: Requests succeed intermittently or return HTTP 403/422 with error messages referencing invalid tokens, expired signatures, or request validation failures. The endpoint works in a real browser session but fails when the same URL is requested externally.
How to Identify Unsupported Targets
Tier Escalation Signals
When AlterLab encounters a failure, it automatically escalates through tiers. You can observe this in the API response. If a request exhausts all applicable tiers and still fails, the target is likely in one of the unsupported categories above.
Key indicators in the response:
tier_usedshows the highest tier attemptedstatus_code: 0indicates the target server refused the connection entirelyerrorfield contains details about why the request failed
Response Patterns to Watch For
| Pattern | Likely Cause | Action |
|---|---|---|
status_code: 0 at Tier 1-2 | Dead endpoint — server refuses connection | Verify the endpoint exists by visiting it in a browser |
401 or 403 across all tiers | Auth-gated — requires credentials | Use authenticated scraping with your own credentials |
403 or 422 with token error message | Signed token API — request validation failure | Look for an alternative public endpoint or official API |
| Response body is a login page | Auth-gated — redirected to login | Use cookie injection if you have valid session credentials |
Empty response body with 200 | API returns empty data — possibly deprecated | Check if the API has been superseded by a newer version |
Example failed response for a dead endpoint:
{
"success": false,
"status_code": 0,
"error": "Connection refused — the target server is not accepting requests on this endpoint.",
"tier_used": 2,
"url": "https://example.com/api/v1/deprecated-endpoint"
}Finding Working Alternatives
When a target endpoint is inaccessible, there is often a working alternative. Here is a general approach to finding one:
- Check the platform's official API documentation — many platforms offer public or authenticated APIs that provide the same data through supported channels.
- Look for mobile API endpoints — some platforms serve public data through mobile-optimized API endpoints (often prefixed with
i.orm.) that return JSON without authentication for publicly visible content. - Try the public web page instead of the API — scraping the rendered HTML page (with JavaScript rendering enabled) often provides the data you need, even when the underlying API is locked down.
- Use a lower tier for public pages — public profile pages and listings are typically accessible at Tier 2 or 3, even when internal API endpoints are blocked.
Test with the Playground
Common Examples
| Scenario | Why It Fails | Working Alternative |
|---|---|---|
| Legacy social media GraphQL endpoints | Endpoint deprecated — server returns empty or error | Use the platform's mobile API or scrape the public profile page HTML |
| Private messaging or DM APIs | Requires authenticated session with valid user tokens | No alternative — this data requires user authentication |
| Banking or financial portals | Per-request signed tokens and multi-factor authentication | Use the institution's official API (e.g., Open Banking, Plaid) |
| Internal admin dashboards | Requires session cookies from an authenticated login | Use authenticated scraping with your own valid credentials |
| Real-time WebSocket-only data feeds | Data is not served over HTTP — requires persistent WebSocket connection | Use AlterLab's WebSocket guide for real-time streams |
Getting Help
If you are unsure whether a target falls into one of these categories, there are several ways to get help:
- Check the Error Codes reference to decode your API response
- Test the URL in the Playground to see real-time tier escalation behavior
- Open a support ticket — include the target URL and your API response so the team can advise on alternatives