Additional In-App Endpoint Protection

Castle can protect additional in-app endpoints beyond logins and registrations. Here is the list of events that we officially support. In addition to $login.succeeded and $registration.attempted, events that are often sent to our /authenticate endpoint include:

  • $profile_update.succeeded
  • $password_reset_request.succeeded
  • $transaction.attempted

We also support these additional events as feedback mechanisms to give important feedback about individual user accounts to our models:

  • $challenge.succeeded
  • $password_reset


The following steps serve as a rough guide to using Castle for additional in-app endpoints. Refer to our other guides linked above for a detailed explanation of the topics below.

  1. Install Castle Fingerprinting
  1. Send Events to Castle
  • events to /authenticate (synchronous) for risk scoring
  • events to /track (async) for informative purposes (such as traffic analysis and feedback)
  1. Configure Policies
  2. Use Webhooks