Block bots & bad behavior
Instantly stop automated and human-originated account takeovers, fake accounts, and any behavior that violates your platform policies.

Behavior beyond bots
Behavioral intelligence tells good users from bad across your entire app, securing actions beyond login and signup.
Explainable decisions
Get reasons for blocked or challenged users and the impact to user experience, with the granularity of advanced analytics platforms.
Forensic-level analytics
Deep analytics with historical data up to 18 months, empowering you to make decisions without ever leaving the Castle environment.
Instant rule simulation
Customize rate limiters, velocity aggregations, and blocklists in real-time simulations for accurate testing before live deployment.
A drop-in solution to account protection
Get started quickly with minimal setup, while retaining the ability to tailor security measures to your platform's specific policies.
- 1
Lightweight integration
Similar to a CAPTCHA, integrate at necessary endpoints with a client and backend SDK on both mobile and web. View docs
- 2
Out-of-the-box decisions
Pre-configured with risk scores for bot abuse, account takeover, and account abuse in general.
- 3
Custom verification flows
Use own CAPTCHA, SMS, and email verification flows a tailored user experience.

- Trusted device fingerprintGHxj3jgosjeklLS93jxog22jzl
- 3 users per device
- Proxy IP
- Impossible travel

Go beyond requests with user & device forensics
Perform comprehensive analysis and reporting with up to 18 months of historical data enriched with user and device intelligence without having to ever leave the Castle dashboard.
Pattern exploration
Uncover bad user activity by querying and visualizing large amounts data and turn into rules with a few clicks.
Network analysis
Spot network of bad user activity via shared devices, emails, IPs, payment methods, or addresses.
Session monitoring
Get a complete history of each user and company, down to individual page views and any custom actions.
Rule backtesting
Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.
Pattern exploration
Uncover patterns in on login attacks, signup spam campaigns, and repetitive in-app transactions.

Network analysis
Spot interconnected users via shared devices, emails, IPs, payment methods, or addresses.

Session monitoring
Get a complete history of each user and company, down to individual page views and any custom actions.

Rule backtesting
Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.

Identify bad actors based on behavior
Use a combination of device fingerprinting, risk scoring, custom velocity aggregations, and dynamic blocklists to define behaviors unique to your specific abuse vectors.
Weed out bad actors before or after signup
Segment out new accounts based on similarity to other accounts, bot behavior, and blocklists.
More about Fake Accounts- Suspicious IP
- Users per Device (12)
- Repetitive Email Pattern
- Abuse-repored IP
- Suspicious IP
- Blocked Country
Identify both bots and human attacks
Use a combination of scores and heuristics to highlight suspicious or hijacked accounts.
More about Account Takeovers- Credential Stuffing
- New Device
- Datacenter IP
- Abuse-repored IP
- New Device
- New Country
- Impossible Travel
- Proxy IP
- Users per Device (2)
Only allow signing up once
Aggregate the number of accounts created per device, IP, or credit card and block when it exceeds a threshold.
More about Multi-Accounting- Users per Device (13)
- Users per Credit Card (7)
- Users per IP (32)
- Users per Device (12)
- Users per Credit Card (6)
- Users per IP (31)
- Users per Email (3)
Block repetitive spam content
Customize logic based on the the number of content posts or messages per device and minute, and tune it with regex filters.
More about Content Abuse- Bot Behavior
- Content per IP (122)
- Datacenter IP
- Content per User 1h (33)
- Proxy IP
- Blocked Regex
Eliminate SMS verification abuse
Use a mix of bot detection and velocity signals to lock down spammy SMS fees with high precision
More about SMS Pumping- Bot Behavior
- Verifications per IP (48)
- Users per Device (12)
- Bot Behavior
- Verifications per IP (48)
- Blocked Phone Numbers
Define account sharing your way
Uncovering account sharing requires granular controls to define the exact behavior that breaches your terms of services.
More about Account Sharing- Excessive Content Sharing
- Impossible Travel
- Frequent Device Toggling
- Bot Behavior
- Proxy IP
- Frequent IP Toggling
- Impossible Travel
Stop card testing before the transaction
Implement velocity checks to prevent a transaction attempt from reaching your payment processor in the first place.
More about Transaction Abuse- Transactions per 1h (13)
- Transactions per Card (21)
- Users per Device (3)
- Transactions per 10m (5)
- Blocked Credit Card
Headless API protection
Castle supports protection of endpoints where client-side code can't be injected, such as desktop apps or REST APIs
More about API Abuse- Request per IP (138)
- Abuse-reported IP
- Time Since Registration (39s)
- Request per User (18)
- Blocked IP
Execute actions in real-time
Assessments of data like user count per device fingerprint or hourly failed logins executed in the blink of an eye.
Real-time decisions
Assessments of data like user count per device or hourly failed logins executed in the blink of an eye.
Inline blocking
Initiate request blocks or step-up verifications anywhere in your app without disrupting the user experience.
Alerts & notifications
Ensure your team and users stay informed with triggered Slack notifications or webhooks.

Comprehensive behavioral analysis
Scalable behavioral analysis for proactive threat detection. Start for free and pay as you go.
|
|
Built for scale
Our APIs process billions of monthly requests with resilience against severe bot attacks.
100ms response time
Fingerprinting, risk scores, and rules computed instantly in real-time.
Pay-as-you-go pricing
Transparent and predictable plans based on requests or MAU.