List of recognized events

The events below are the ones supported and recognized by Castle. Custom events may be used in special circumstances, but we strongly recommend using events from this list.

Filter and Risk

NameDescription
$loginAn user logging into your application
$registrationA visitor signing up to become a user of your application
$profile_updateA user updating their email, password, name, or phone number.
$transactionA user transacting, e.g. a withdrawal, transfer, or purchase.
$password_reset_requestA visitor initiating a password reset flow. This event is not meant to be used for when a visitor completes resetting their password.
$challengeFor Risk API only. A user is sent through an additional verification flow, such as Two-factor or Email-verification. This event supports the status $requested in addition to failed/succeeded.

Log

NameDescription
$loginParticularly used with status: "$failed" to record when a user failed to log in due to invalid credentials.
$challengeSee description in the previous table.

Track

NameDescription
$password_reset.succeededThe user completed all of the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password.
$password_reset.failedUse to record when a user failed to reset their password.
$password_reset_request.failedThe user failed to request a password reset.
$incident.mitigatedUser account has been reset.
$review.escalatedUser confirmed malicious activity.
$challenge.requestedRecord when a user is prompted with additional verification, such as two-factor authentication or a captcha.
$challenge.succeededRecord when additional verification was successful.
$challenge.failedRecord when additional verification failed.
$session.extendedRecord when a user session is extended, or use any time you want to re-authenticate a user mid-session.

Custom events

You can use any custom string as event value to analyze specific business logic that's not represented by Castle's recognized events. The only requirement is that the string cannot start with reserved prefix $.

Authenticate (legacy)

The events below are officially supported as "recognized" events. Custom events may be used for special circumstances, but we strongly recommend using events from this list.

NameDescription
$login.succeededRecord when a user successfully logs in / enters valid credentials.
$login.failedRecord when a user failed to log in due to invalid credentials.
$login.attemptedRecord when a login is attempted, but credential validation has not yet occurred.
$logout.succeededRecord when a user logs out.
$profile_update.succeededRecord when a user updated their profile (including password, email, phone, etc).
$profile_update.failedRecord errors when updating profile.
$profile_update.attemptedRecord when a user profile update is being attempted.
$registration.succeededCapture account creation, both when a user signs up as well as when created manually by an administrator.
$registration.failedRecord when an account failed to be created.
$registration.attemptedRecord when a registration is being attempted, but before it has been validated and account creation occurs.
$password_reset.succeededThe user completed all of the steps in the password reset process and the password was successfully reset. Password resets do not require knowledge of the current password.
$password_reset.failedUse to record when a user failed to reset their password.
$password_reset_request.attemptedThe user attempted to request a password reset.
$password_reset_request.succeededThe user successfully requested a password reset.
$password_reset_request.failedThe user failed to request a password reset.
$incident.mitigatedUser account has been reset.
$review.escalatedUser confirmed malicious activity.
$review.resolvedUser confirmed safe activity. (deprecated)
$challenge.requestedRecord when a user is prompted with additional verification, such as two-factor authentication or a captcha.
$challenge.succeededRecord when additional verification was successful.
$challenge.failedRecord when additional verification failed.
$transaction.attemptedRecord when a user attempts an in-app transaction, such as a purchase or withdrawal.
$session.extendedRecord when a user session is extended, or use any time you want to re-authenticate a user mid-session.