_castle('createRequestToken').then(function(requestToken) {
// Insert requestToken into the form data
// ....
});
// or use onsubmit handler to automatically insert the castle_request_token hidden input
<form onsubmit="_castle('onFormSubmit', event)">
// ....
</form>
Risk-based scoring
Use risk scores and signals to detect malicious behavior. Take action based on policy verdicts: allow, challenge or deny.
The /risk
endpoint assesses each user accessing your site.
{
"risk": 0.67,
"signals": {
"new_device": {},
"new_country": {},
"proxy_ip": {},
"impossible_travel": {},
"multiple_accounts_per_device": {}
},
"policy": {
"action": "challenge",
"name": "Step up MFA on suspicious logins",
"id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
"revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
},
"device": {
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
}
}
{
"risk": 0.67,
"signals": {
"new_device": {},
"new_country": {},
"proxy_ip": {},
"impossible_travel": {},
"multiple_accounts_per_device": {}
},
"policy": {
"action": "challenge",
"name": "Step up MFA on suspicious logins",
"id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
"revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
},
"device": {
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
}
}
{
"risk": 0.67,
"signals": {
"new_device": {},
"new_country": {},
"proxy_ip": {},
"impossible_travel": {},
"multiple_accounts_per_device": {}
},
"policy": {
"action": "challenge",
"name": "Step up MFA on suspicious logins",
"id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
"revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
},
"device": {
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
}
}
{
"risk": 0.67,
"signals": {
"new_device": {},
"new_country": {},
"proxy_ip": {},
"impossible_travel": {},
"multiple_accounts_per_device": {}
},
"policy": {
"action": "challenge",
"name": "Step up MFA on suspicious logins",
"id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
"revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
},
"device": {
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
}
}
Analyze user risk on any page
Risk scores go up when signals trigger. Take action based on the score or individual signals.
- 30+ external risk signals
- 200+ internal risk assessments
Fine-tune what to allow, challenge, or deny
Take action based on configurable policies rather than hard-coded values.
- Trigger on risk, device, location, traits
- Decouple risk logic from your code
Flexible building blocks
Create custom fraud protection workflows.
Reduce fraud and abuse
Detect suspicious activity. Stop malicious users.
Account takeover
Stop accounts with leaked credentials from being taken over.
Transaction fraud
Prevent fraudulent transactions and money laundering before they happen.
Fake accounts
Mitigate new account registration fraud and fake spam accounts.
Promotion abuse
Prevent fraudsters from taking advantage of rewards, sales or other promotions.
Money laundering
Verify suspicious transaction behaviors such as excessive cash deposits or transfers.
Account sharing
Uncover accounts shared by multiple individuals.
- Bot Detection
- Account Takeover Prevention
- Policy Management
- Device Management
- User Behavior Analytics
- REST API & Webhooks
- Email & chat support
- Credit card payments
- Includes all Pro features
- Enterprise SLAs
- Enterprise support
- * Volume discounts available
- Customizable billing
- Invoice payments