Castle's real time decisioning APIs, the Filter and Risk APIs, were originally designed to be used in environments where the activity is initiated by the end-user using a rich client, such as a browser or mobile app. The main power of these endpoints is that the Castle Policy engine is invoked, which means that you can configure real-time, inline responses, as well setting up automations such as List actions or Webhooks.
However, sometimes, there are scenarios when you need to monitor non-interactive environments, such as API clients, or webhook callbacks from payment providers. Today, we're introducing two new API parameters to support environments like these.
|When set to ||API Client or Command line interface|
|When set to ||Webhook callback, e.g. from payment provider, where the incoming IP and UserAgent typically aren't meaningful|
Read more on how to protect out-of-band requests in the documentation