Metrics
With Metrics, you're able to set up rate limiting rules based on time and counters, e.g. to block requests with more than 10 failed logins per IP in the last hour, or when the number of users per device exceeds 2. All Metrics can be used both in policies, as part of criteria in rules, and in the Explore view, where you're able to efficiently tune the thresholds based on historic data and see the impact in real time.
Out of the box, Castle comes with a set of useful default Metrics, available on the standard events like login and registration as well as custom events:
- Number of logins and registrations per IP, last hour. Ideal for rate limiting and blocking spam behavior.
- Number of users per device. Used to stop excessive multi-accounting, while allowing normal usage to go on without friction.
- Number of users per IP, last day. Also useful to strengthen your defenses against multi-accounting.
- Counts per IP, User and Device fingerprint for custom events. By using the special
critical
property when tracking event, you will enable Metrics for any custom event (see below).
Filtering by metrics
You'll find all Metrics under filters and the "metrics" section:

Using metrics in policies and rules
Any Metric can be use together with policies and lists to create powerful automations, like e.g. putting IPs in a block list whenever there are too many failed logins.
To use a Metric in a policy, you first need to create a Segment by 1) heading over to the Policies page and then 2) to Segments and 3) create a new filter

In the modal that is displayed, you'll find all the available metrics under the "Metrics" tab

Creating a new Segment
Once you've created the filter and saved the Segment, it's ready to be used in a policy. Head over to the Policies tab and create a new policy, where you set the new Segment as trigger.

Using a Segment in a Policy
Metrics on custom events
By default, Metrics are only available on Castle standard events like login, registration. However, by tagging the events you track to Castle with the special "critical" property, you'll be able to use metrics on any event within your app (see example below). This is useful to e.g. implement rate-limits on actions like users sending too many invites or sending too many text messages in a short period of time.
{
// Event payload
"type": "$custom",
"name": "Invitaton sent",
// ...
"properties": {
"critical": true
}
// ...
}

Metrics for custom/critical events
Updated 6 months ago