improved
API Support for out-of-band requests
over 1 year ago by Sebastian Wallin
Castle's real time decisioning APIs, the Filter and Risk APIs, were originally designed to be used in environments where the activity is initiated by the end-user using a rich client, such as a browser or mobile app. The main power of these endpoints is that the Castle Policy engine is invoked, which means that you can configure real-time, inline responses, as well setting up automations such as List actions or Webhooks.
However, sometimes, there are scenarios when you need to monitor non-interactive environments, such as API clients, or webhook callbacks from payment providers. Today, we're introducing two new API parameters to support environments like these.
Parameter | Description | Example |
---|---|---|
skip_request_token_validation | When set to true , you can track events from clients where it's not possible to use Castle's client side SDK to generate a Request Token. | API Client or Command line interface |
skip_context_validation | When set to true , you can track events without the context parameter, i.e. without IP and/or HTTP headers such as the UserAgent. | Webhook callback, e.g. from payment provider, where the incoming IP and UserAgent typically aren't meaningful |
Read more on how to protect out-of-band requests in the documentation