You can now export your team members list to a CSV file directly from the Team settings page. This is useful for access reviews, compliance audits, or keeping an offline record of who has access to your Castle account.
Castle already provides the email.domain event field, reflecting the full domain from the email address. With this release, we're adding email.registered_domain, which reduces any subdomain to its registered part using the public suffix list.
Castle has long provided Proxy IP and Tor IP signals to flag suspicious IP activity. With this release, we're adding a new Residential Proxy IP signal and richer IP tunnel intelligence.
Castle can now detect when a user is on a phone call during sensitive actions like login or transactions. This helps you catch social engineering attacks, where a scammer calls the victim and walks them through actions while simultaneously taking over their account.
Export the entries of any List to CSV. Click Export in the list toolbar and download your data.
Version 4.0.0 is a major update to the Castle iOS SDK. This release includes several improvements detailed below. Please review the breaking changes below before upgrading.
Castle now lets you choose which API Secret is used for webhook signing. This makes it easier to isolate integrations and rotate secrets independently.
Castle now supports dark mode.
Create multiple Publishable API Keys and API Secrets. Rotate or revoke one key without breaking your other integrations.
Castle now detects email domains that have been confirmed as actively used in fraud and abuse campaigns. Unlike disposable email services (Mailinator, TempMail), these are domains registered specifically for fraud that appear legitimate but exist solely for bot signups and fake accounts.
