List of recognized event types

The event types below are the ones supported and recognized by Castle. Please see the API reference for more details.

Filter, Risk, and Log

NameDescription
$loginAn user logging into your application
$registrationA visitor signing up to become a user of your application
$profile_updateA user updating their email, phone, name, or password.
$profile_resetA user resetting their email, phone, name, or password.
$transactionA user transacting, e.g. a withdrawal, transfer, or purchase.
$password_reset_requestA visitor initiating a password reset flow. This event is not meant to be used for when a visitor completes the resetting of their password, which is where you'd instead send a $profile_update event.
$challengeNot available for Filter. A user is sent through an additional verification flow, such as Two-factor or Email-verification. This event supports the status $requested in addition to $failed and $succeeded.
$customAny business-specific user activity that's not covered by the events above. The status field isn't supported for these events and you should instead populate name.

Track (legacy)

NameDescription
$password_reset.succeededThe user completed all of the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password.
$password_reset.failedUse to record when a user failed to reset their password.
$password_reset_request.failedThe user failed to request a password reset.
$incident.mitigatedUser account has been reset.
$review.escalatedUser confirmed malicious activity.
$challenge.requestedRecord when a user is prompted with additional verification, such as two-factor authentication or a captcha.
$challenge.succeededRecord when additional verification was successful.
$challenge.failedRecord when additional verification failed.
$session.extendedRecord when a user session is extended, or use any time you want to re-authenticate a user mid-session.

Authenticate (legacy)

The events below are officially supported as "recognized" events. Custom events may be used for special circumstances, but we strongly recommend using events from this list.

NameDescription
$login.succeededRecord when a user successfully logs in / enters valid credentials.
$login.failedRecord when a user failed to log in due to invalid credentials.
$login.attemptedRecord when a login is attempted, but credential validation has not yet occurred.
$logout.succeededRecord when a user logs out.
$profile_update.succeededRecord when a user updated their profile (including password, email, phone, etc).
$profile_update.failedRecord errors when updating profile.
$profile_update.attemptedRecord when a user profile update is being attempted.
$registration.succeededCapture account creation, both when a user signs up as well as when created manually by an administrator.
$registration.failedRecord when an account failed to be created.
$registration.attemptedRecord when a registration is being attempted, but before it has been validated and account creation occurs.
$password_reset.succeededThe user completed all of the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password.
$password_reset.failedUse to record when a user failed to reset their password.
$password_reset_request.attemptedThe user attempted to request a password reset.
$password_reset_request.succeededThe user successfully requested a password reset.
$password_reset_request.failedThe user failed to request a password reset.
$incident.mitigatedUser account has been reset.
$review.escalatedUser confirmed malicious activity.
$review.resolvedUser confirmed safe activity. (deprecated)
$challenge.requestedRecord when a user is prompted with additional verification, such as two-factor authentication or a captcha.
$challenge.succeededRecord when additional verification was successful.
$challenge.failedRecord when additional verification failed.
$transaction.attemptedRecord when a user attempts an in-app transaction, such as a purchase or withdrawal.
$session.extendedRecord when a user session is extended, or use any time you want to re-authenticate a user mid-session.