Filter API

Better bot detection

Risk signals, policies, and a per-request API. Replace your CAPTCHA today.

Client-side
_castle('createRequestToken').then(function(requestToken) {
  // Insert requestToken into registration form
});
Server-side
token = request.params['castle_request_token']

res = castle.filter(
  event: '$registration',
  request_token: token,
  context: Castle::Context::Prepare.call(request)
)
API Response

Risk-based bot scoring

Use risk scores and signals to determine friend from foe.

The /filter endpoint assesses the risk that a user is a bot.

Response
{
  "risk": 0.95,
  "signals": {
    "bot_behavior": {},
    "proxy_ip": {},
    "disposable_email": {},
    "spoofed_device": {}
  },
  "policy": {
    "action": "deny",
    "name": "Block bots",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  }
}
{
  "risk": 0.95,
  "signals": {
    "bot_behavior": {},
    "proxy_ip": {},
    "disposable_email": {},
    "spoofed_device": {}
  },
  "policy": {
    "action": "deny",
    "name": "Block bots",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  }
}
{
  "risk": 0.95,
  "signals": {
    "bot_behavior": {},
    "proxy_ip": {},
    "disposable_email": {},
    "spoofed_device": {}
  },
  "policy": {
    "action": "deny",
    "name": "Block bots",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  }
}
Risk and signals

Assess bot risk on any page or form

Risk scores go up when signals trigger. Take action based on the score or individual signals.

  • 30+ external risk signals
  • 200+ internal risk assessments
Policies

Fine-tune what to allow, challenge, or deny

Take action based on configurable policies rather than hard-coded values.

  • Trigger on risk, device, location, traits
  • Decouple risk logic from your code
Use Cases

Reduce fraud and abuse

Block malicious bots in web and mobile applications.

Fake accounts

Mitigate new account registration fraud and fake spam accounts.

Credential stuffing

Protect your users from automated account takeovers and data breaches.

Content spam

Stop spam comments from polluting your site.

Platform abuse

Block abusive traffic and avoid resource exploits.

Card testing

Prevent brute-force testing of loyalty or credit cards.

Inventory hoarding

Prevent brand damage caused by bots purchasing and stockpiling inventory.

Comparison

How we are better

Designed to give developers the most flexibility.

Castle
Filter API
Cloudflare
Bot Manager
Google
reCAPTCHA v3
Self-service
API & SDK-based
Mobile SDKsAndroid only
User access logs
Detailed risk reasons
Policy management
Professional
$33/mo
per 10,000 good events

No minimum commitment
Start for free
  • Bot Detection
  • Account Takeover Prevention
  • Policy Management
  • Device Management
  • User Behavior Analytics
  • REST API & Webhooks
  • Email & chat support
  • Credit card payments
Enterprise
$28/mo*
per 10,000 good events

$2,800/mo minimum commitment
Get in touch
  • Enterprise SLAs
  • Enterprise support
  •  
  • * Volume discounts available
  • Customizable billing
  • Invoice payments