Events

List of recognized event types

The event types below are the ones supported and recognized by Castle. Please see the API reference for more details.

Filter, Risk, and Log

| Name | Description |
| --- | --- |
| $login | A user logging into your application. See Protecting the login |
| $registration | A visitor signing up to become a user of your application. See Protecting the registration |
| $profile_update | A user updating their email, phone, name, or password. |
| $profile_reset | A user resetting their email, phone, name, or password. |
| $transaction | A user transacting, e.g. a withdrawal, transfer, or purchase. See Protecting the transaction |
| $password_reset_request | A visitor initiating a password reset flow. This event is not meant to be used for when a visitor completes the resetting of their password, which is where you'd instead send a $profile_update event. |
| $challenge | A user is sent through an additional verification flow, such as CAPTCHA, Two-factor or Email-verification. This event supports the status $requested in addition to $failed and $succeeded. |
| $custom | Any business-specific user activity that's not covered by the events above. The status field isn't supported for these events, and you should instead populate name. |

Track (legacy)

| Name | Description |
| --- | --- |
| $password_reset.succeeded | The user completed all the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password. |
| $password_reset.failed | Use to record when a user failed to reset their password. |
| $password_reset_request.failed | The user failed to request a password reset. |
| $incident.mitigated | User account has been reset. |
| $review.escalated | User confirmed malicious activity. |
| $challenge.requested | Record when a user is prompted with additional verification, such as two-factor authentication or a captcha. |
| $challenge.succeeded | Record when additional verification was successful. |
| $challenge.failed | Record when additional verification failed. |
| $session.extended | Record when a user session is extended, or use any time you want to re-authenticate a user mid-session. |

Authenticate (legacy)

The events below are officially supported as "recognized" events. Custom events may be used for special circumstances, but we strongly recommend using events from this list.

| Name | Description |
| --- | --- |
| $login.succeeded | Record when a user successfully logs in / enters valid credentials. |
| $login.failed | Record when a user failed to log in due to invalid credentials. |
| $login.attempted | Record when a login is attempted, but credential validation has not yet occurred. |
| $logout.succeeded | Record when a user logs out. |
| $profile_update.succeeded | Record when a user updated their profile (including password, email, phone, etc). |
| $profile_update.failed | Record errors when updating profile. |
| $profile_update.attempted | Record when a user profile update is being attempted. |
| $registration.succeeded | Capture account creation, both when a user signs up as well as when created manually by an administrator. |
| $registration.failed | Record when an account failed to be created. |
| $registration.attempted | Record when a registration is being attempted, but before it has been validated and account creation occurs. |
| $password_reset.succeeded | The user completed all the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password. |
| $password_reset.failed | Use to record when a user failed to reset their password. |
| $password_reset_request.attempted | The user attempted to request a password reset. |
| $password_reset_request.succeeded | The user successfully requested a password reset. |
| $password_reset_request.failed | The user failed to request a password reset. |
| $incident.mitigated | User account has been reset. |
| $review.escalated | User confirmed malicious activity. |
| $review.resolved | User confirmed safe activity. (deprecated) |
| $challenge.requested | Record when a user is prompted with additional verification, such as two-factor authentication or a captcha. |
| $challenge.succeeded | Record when additional verification was successful. |
| $challenge.failed | Record when additional verification failed. |
| $transaction.attempted | Record when a user attempts an in-app transaction, such as a purchase or withdrawal. |
| $session.extended | Record when a user session is extended, or use any time you want to re-authenticate a user mid-session. |