Scraping api protected by impreva

I want to scrap an api, protected by "impreva" society,they use X-D-token in request header , and visid_incap_ incap_ses_* in response header.

now with datacenter proxy I get 200 response each 50 429 http response. even if I use only one concurent request. but with residential proxy I get 200.

is there any solution to bypass this protection by using only datacenter proxy ?

this is the request :

GET /api/magasins/72/navigation-content/ HTTP/2
Host: api.cora.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/91.0.4472.114 Safari/537.36
Accept: application/vnd.api.v1+json
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Cora-Auth: apidrive
App-Id: 1
App-Signature: BROWSER;WEB;91.0.4472.114;;1.25.0;1;2;Chrome;1080;1920
X-D-Token: 3:R3wmbBvTR1D6vDBmzCLerA==:qzf5V/qwmQQShcP5/cFIjM/goahseigjk/Xs2H5btwW5kCw+nLSNStvZUdugaCm1WIVl4vGCwXFf8Te0GueaZV3koYe2oCe7YiDelKihZ5LSVVz3T6uNKMaOxpSFD+CIP6usg48ioqTCv/Wme5hdCQ8n7b5qR25xWKhFCYesCoYZnen2LHVOVnMWde6AkItRarRDG5IcEUW0XYyojX9i+XL6X3Mgnynvsb7l6wVVW4AruNE80MiLkSgo2XHlh3SBFArXBdBvvyKUpfRUGZokMqYDIS03w/ShB1OJ4KUfKs6Wu1hrNCZlY3N8RTE/S8oYAsjpagWzQwTuCTwCLtYv+48kvXRIihtHC1IQ5nRPsd7s4TuanGYsYDjm3CMaUpvA+pQIqLTiLUYdG+lIMfYXUpQpGOXC+2gF69yxyFQbtxpbluv7NsHELoaaLQHvoYKI:JA3UaEpTRK6Wjf6b6yXbvJ28p7vjimPImMsmAN8GEmI=
Uuid: 2bb3d0ad-04c1-485a-a98d-4ac3d753fd1b
Origin: https://www.cora.fr
Referer: https://www.cora.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Te: trailers

this is the response 429 :

HTTP/2 429 Too Many Requests
Date: Mon, 27 Sep 2021 13:08:36 GMT
Content-Type: application/json
Server: api.cora.fr
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.cora.fr
Vary: Origin
Set-Cookie: nlbi_2346747=ozjvaL0oPg66DB86rtkoMQAAAAA9QXZBJ+NCBIVB3SmXJNXF; path=/; 
Domain=.cora.fr; Secure; SameSite=None
Set-Cookie: 
visid_incap_2346747=70eYj3uqQcKlyni2K4A651PCUWEAAAAAQUIPAAAAAAD3srVYiHapPbOcjTfZu3h0; 
expires=Tue, 27 Sep 2022 10:34:34 GMT; HttpOnly; path=/; Domain=.cora.fr; Secure; 
SameSite=None
Set-Cookie: 
incap_ses_1099_2346747=FIAFfin/tmOLYnuIJm9AD1PCUWEAAAAA/xhZaPz5UshGvjEiQfzp2w==; 
path=/; Domain=.cora.fr; Secure; SameSite=None
X-Cdn: Imperva
X-Iinfo: 0-27795484-27795152 pNYN RT(1632748115671 0) q(0 0 0 0) r(1 1) U5

{"message": "429 Too Many Requests","429}

this is the header of response 200 :

HTTP/2 200 OK
Content-Type: application/json
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Mon, 27 Sep 2021 14:13:10 GMT
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 9
X-Ratelimit-Reset: 
Etag: W/"09af7903630eefe87a18365ff527e6917bac5da1"
Server: api.cora.fr
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.cora.fr
Vary: Origin
Set-Cookie: 
nlbi_2346747=FsJOKpMDRQqeSktYrtkoMQAAAADB426mJ/c0BiDBDsyETwFU; 
path=/; Domain=.cora.fr; Secure; SameSite=None
Set-Cookie: visid_incap_2346747=Dsbf9nV0RN+yazh0zGE893bRUWEAAAAAQUIPAAAAAAD6RV43J8UcxEZJHt07UrHN; expires=Tue, 27 Sep 2022 08:49:53 GMT; HttpOnly; path=/; Domain=.cora.fr; Secure; SameSite=None;
Set-Cookie: incap_ses_476_2346747=qsgAeXWGFRc+6OUn+BebBnbRUWEAAAAAimqhOCYEdQHug9mxUEC0wA==; path=/; Domain=.cora.fr; Secure; SameSite=None
X-Cdn: Imperva
X-Iinfo: 10-120722009-120615528 pNNN RT(1632751989673 0) q(0 0 0 -1) r(4 4) U5