Castle.js reference


_castle('identify', '1234', {
  // standard attributes
  created_at: '2012-12-02T00:30:08.276Z',
  email: '',
  name: 'Johan B',

  // custom attributes for display purposes; not analyzed by Castle
  age: 34,
  color: 'red'

By default, the __cid tracking cookie is set on the current top-level domain (e.g. If you're authenticated area is located at a different domain, use setCookieDomain change where the cookie is set.

_castle('setCookieDomain', '');

Masking sensitive page information

Castle uses the page URL and title to spot unusual navigation. However, if these contain sensitive information you can override the automatic page tracking. Make sure that the URLs and titles you track are still as unique and consistent as the original values. One way to do this is to hash the values, or limit it to the parts that contain the sensitive information.

_castle('autoTrack', false);
_castle('trackPageview', '/a92077bac1', 'Welcome f4a920!');

If you have a single-page app, you should call trackPageView on every route change.

Preventing user impersonation

Without the following setting, an attacker can impersonate your users without having to be logged in as them. Head over to the detailed guide on how to generate a secure signature.

_castle('secure', 'YOUR_GENERATED_SIGNATURE');

Hosting the JavaScript on your own domain

The latest version of the JavaScript is available as an NPM package. We will notify you when we push updates to the NPM repository. We will never break older versions.

$ npm install castle.js