Risk API

Complete user risk
assessment

APIs for device fingerprinting, user behavorial analytics, threat detection, and incident workflow. Protect your business today.

Client-side
_castle('createRequestToken').then(function(requestToken) {
  // Insert requestToken into login form
});
Server-side
token = request.params['castle_request_token']

res = castle.risk(
  event: '$login',
  status: '$succeeded',
  request_token: token,
  context: Castle::Context::Prepare.call(request),
  user: {
    id: user.id,
    email: user.email
  }
)
API Response

Risk-based scoring

Use risk scores and signals to detect malicious behavior. Take action based on policy verdicts: allow, challenge or deny.

The /risk endpoint assesses each user accessing your site.

Response
{
  "risk": 0.67,
  "signals": {
    "new_device": {},
    "new_country": {},
    "proxy_ip": {},
    "impossible_travel": {},
    "multiple_accounts_per_device": {}
  },
  "policy": {
    "action": "challenge",
    "name": "Step up MFA on suspicious logins",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  },
  "device": {
    "token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
  }
}
{
  "risk": 0.67,
  "signals": {
    "new_device": {},
    "new_country": {},
    "proxy_ip": {},
    "impossible_travel": {},
    "multiple_accounts_per_device": {}
  },
  "policy": {
    "action": "challenge",
    "name": "Step up MFA on suspicious logins",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  },
  "device": {
    "token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
  }
}
{
  "risk": 0.67,
  "signals": {
    "new_device": {},
    "new_country": {},
    "proxy_ip": {},
    "impossible_travel": {},
    "multiple_accounts_per_device": {}
  },
  "policy": {
    "action": "challenge",
    "name": "Step up MFA on suspicious logins",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  },
  "device": {
    "token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
  }
}
{
  "risk": 0.67,
  "signals": {
    "new_device": {},
    "new_country": {},
    "proxy_ip": {},
    "impossible_travel": {},
    "multiple_accounts_per_device": {}
  },
  "policy": {
    "action": "challenge",
    "name": "Step up MFA on suspicious logins",
    "id": "e14c5a8d-c682-4a22-bbca-04fa6b98ad0c",
    "revision_id": "b5cf794e-88c0-426e-8276-037ba1e7ceca"
  },
  "device": {
    "token": "eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlbiI6IlQyQ"
  }
}
Risk and signals

Analyze user risk on any page

Risk scores go up when signals trigger. Take action based on the score or individual signals.

  • 30+ external risk signals
  • 200+ internal risk assessments
Policies

Fine-tune what to allow, challenge, or deny

Take action based on configurable policies rather than hard-coded values.

  • Trigger on risk, device, location, traits
  • Decouple risk logic from your code
For Developers

Flexible building blocks

Create custom account security workflows.

Use Cases

Reduce fraud and abuse

Detect suspicious activity. Stop malicious users.

Account takeover

Stop accounts with leaked credentials from being taken over.

Transaction fraud

Prevent fraudulent transactions and money laundering before they happen.

Fake accounts

Mitigate new account registration fraud and fake spam accounts.

Promotion abuse

Prevent fraudsters from taking advantage of rewards, sales or other promotions.

Money laundering

Verify suspicious transaction behaviors such as excessive cash deposits or transfers.

Account sharing

Uncover accounts shared by multiple individuals.

Professional
$33/mo
per 10,000 good events

No minimum commitment
Start for free
  • Bot Detection
  • Account Takeover Prevention
  • Policy Management
  • Device Management
  • User Behavior Analytics
  • REST API & Webhooks
  • Email & chat support
  • Credit card payments
Enterprise
$28/mo*
per 10,000 good events

$2,800/mo minimum commitment
Get in touch
  • Enterprise SLAs
  • Enterprise support
  •  
  • * Volume discounts available
  • Customizable billing
  • Invoice payments