If you signed up before June 3, 2021, see the migration guide to learn about the recent API changes.


Castle's documentation contains four main sections. These include a guide for Getting started, a Knowledge base, Tutorials, and a Reference.

Integration quickstarts

Most integrations start with either blocking bots at account registration, or uncovering anomalous users attempting to log into existing accounts.

Prevent fake accounts

Use the Filter API to block signup attempts before they create an account.

Start implementing →

Prevent account takeovers

Use the Risk API is assess the risk of account takeover at login.

Start implementing →


Castle is made of modular components including API endpoints, webhooks, SDKs, and a comprehensive Dashboard. These components can be used to make solutions with the following capabilities:

  • provide risk analysis of events
  • provide detailed IP and User-Agent evaluations
  • prevent unauthorized account access
  • prevent bot access
  • manage end-user device access
  • alert on suspicious or malicious activity
  • create custom Policies to fine-tune any integration

A Castle integration can be as simple as a single API call to retrieve IP and User-Agent analysis during login attempts. The same integration can be expanded to protect multiple in-application endpoints with custom policies for each workflow. All integrations include access to the Castle Dashboard, which gives insight into user devices, account activity, and the ability to manage all aspects of the integration for application admins.

The four sections

Visit Getting started if you want to quickly start sending requests to our API.

The Knowledge base contains explanations about Castle’s various capabilities. This will help you learn about what drives Castle’s performance.

Tutorials are available to guide developers through the Castle integration process for various endpoints across mobile and web app platforms.

A Reference is provided for quick look-ups related to our API, webhooks, dashboard settings, supported events, and SDKs.