Changelog

Version 4.0.0 is a major update to the Castle iOS SDK. This release includes several improvements detailed below. Please review the breaking changes below before upgrading.

Castle now lets you choose which API Secret is used for webhook signing. This makes it easier to isolate integrations and rotate secrets independently.

Castle now supports dark mode.

Create multiple Publishable API Keys and API Secrets. Rotate or revoke one key without breaking your other integrations.

Castle now detects email domains that have been confirmed as actively used in fraud and abuse campaigns. Unlike disposable email services (Mailinator, TempMail), these are domains registered specifically for fraud that appear legitimate but exist solely for bot signups and fake accounts.

We’ve expanded authentication_method.type with two new options:

We’ve completely redesigned how you get started with Castle! Our new interactive 3-step guide makes onboarding simple and engaging:

We’ve introduced a new challenge payload object for the $challenge events. It contains a trigger_event field, which describes the event that triggered the challenge (for example, a Login Attempted event).

We’ve made it easier to manage large sets of events by introducing bulk list operations to the Explore Table.

We've enhanced detection for email aliasing in Yahoo and Proton emails.