improved

API Support for out-of-band requests

Castle's real-time decisioning APIs, the Filter and Risk APIs, were originally designed for environments where the activity is initiated by the end user using a rich client, such as a browser or mobile app. The main power of these endpoints is that they invoke the Castle Policy engine, which means that you can configure real-time, inline responses, as well as set up automations such as List actions or Webhooks.

However, you sometimes need to monitor non-interactive environments, such as API clients or webhook callbacks from payment providers. Today, we're introducing two new API parameters to support environments like these.

| Parameter | Description | Example |
| --- | --- | --- |
| skip_request_token_validation | When set to true, you can track events from clients where it's not possible to use Castle's client-side SDK to generate a Request Token. | API Client or Command line interface |
| skip_context_validation | When set to true, you can track events without the context parameter, i.e. without IP and/or HTTP headers such as the User-Agent. | Webhook callback, e.g. from payment provider, where the incoming IP and User-Agent typically aren't meaningful |
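
An added example (not Castle's own code) of building the event body so that each skip flag is set only when the data it covers is genuinely unavailable, and never for interactive traffic. The body fields other than the two parameters above (`type`, `user`, `request_token`, `context`), the top-level placement of the flags, and the `source` labels are assumptions made for this sketch.

```python
# Added example: everything except the two skip_* parameter names is an assumption.
INTERACTIVE_SOURCES = {"browser", "mobile_app"}  # hypothetical labels for this example


def build_event_body(source, event_type, user_id,
                     request_token=None, ip=None, headers=None):
    """Build a JSON-serialisable event body for a Filter/Risk style request.

    A skip flag is set only when the data it covers is absent, and never for
    interactive sources, so a broken client-side SDK integration fails loudly
    instead of being tracked without validation.
    """
    has_context = bool(ip) and bool(headers)
    if source in INTERACTIVE_SOURCES and not (request_token and has_context):
        raise ValueError(
            f"{source}: interactive events must carry a request token and context")

    body = {"type": event_type, "user": {"id": user_id}}

    if request_token:
        body["request_token"] = request_token
    else:
        # e.g. API client or command line interface: no client-side SDK available
        body["skip_request_token_validation"] = True

    if has_context:
        body["context"] = {"ip": ip, "headers": headers}
    else:
        # e.g. payment-provider webhook: caller IP and User-Agent are not the end user's
        body["skip_context_validation"] = True

    return body


# Constructed sample inputs (event types, ids and addresses are made up).
api_client = build_event_body(
    "api_client", "$login", "user-123",
    ip="203.0.113.7", headers={"User-Agent": "acme-cli/1.4"})
webhook = build_event_body("payment_webhook", "$transaction", "user-123")
```

Keeping the flags out of browser and mobile code paths means a missing Request Token there surfaces as an error rather than as an unvalidated event.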

Read more on how to protect out-of-band requests in the documentation.