Changelog

Castle now lets you choose which API Secret is used for webhook signing. This makes it easier to isolate integrations and rotate secrets independently.

Castle now supports dark mode.

Castle now lets you create multiple Publishable API Keys and API Secrets. Unlike the previous single-key model where rotating a key broke all integrations at once, you can now maintain separate keys per integration and rotate them independently without downtime.

Castle now detects email domains that have been confirmed as actively used in fraud and abuse campaigns. Unlike disposable email services (Mailinator, TempMail), these are domains registered specifically for fraud that appear legitimate but exist solely for bot signups and fake accounts.

We’ve expanded authentication_method.type with two new options:

We’ve completely redesigned how you get started with Castle! Our new interactive 3-step guide makes onboarding simple and engaging:

We’ve introduced a new challenge payload object for the $challenge events. It contains a trigger_event field, which describes the event that triggered the challenge (for example, a Login Attempted event).

We’ve made it easier to manage large sets of events by introducing bulk list operations to the Explore Table.

We've enhanced detection for email aliasing in Yahoo and Proton emails.

We’re introducing the List Items Batch Upsert feature. You can now upload up to 1,000 List Items at once directly from the Dashboard form by copying and pasting a column from your CSV file or entering values as comma-separated text. Once processed, new List Items will be added to your List and immediately impact event processing.