Castle protects your users from account compromise

Project description

Castle analyzes user behavior in web and mobile apps to stop fraud before it happens.

Installation

pip install castle

Configuration

Import and configure the library with your Castle API secret.

from castle.configuration import configuration, DEFAULT_ALLOWLIST

# Same as setting it through Castle.api_secret
configuration.api_secret = ':YOUR-API-SECRET'

# For the authenticate method you can set a failover strategy: allow (default), deny, challenge, throw
configuration.failover_strategy = 'deny'

# Request timeout in milliseconds (default: 1000); Castle::RequestError is raised when a request times out
configuration.request_timeout = 1500

# Base Castle API url
# configuration.base_url = "https://api.castle.io/v1"

# Logger (must respond to the info method) - logs Castle API requests and responses
# configuration.logger = logging.getLogger()

# Allowlisted and denylisted header names are case-insensitive
# and may use _ or - as a separator; HTTP prefixes are removed.
# By default all headers are passed, but some are automatically scrubbed.
# If you need to apply an allowlist, we recommend using the minimum set of
# standard headers that we've exposed in the `DEFAULT_ALLOWLIST` constant.
# Allowlisted headers
configuration.allowlisted = DEFAULT_ALLOWLIST + ['X_HEADER']

# Denylisted headers take precedence over allowlisted elements. Note that
# some headers are always scrubbed, for security reasons.
configuration.denylisted = ['HTTP-X-header']

# Castle needs the original IP of the client, not the IP of your proxy or load balancer.
# The SDK will only trust the proxy chain as defined in the configuration.
# We try to fetch the client IP based on X-Forwarded-For or Remote-Addr headers in that order,
# but sometimes the client IP may be stored in a different header or order.
# The SDK can be configured to look for the client IP address in headers that you specify.

# Sometimes, Cloud providers do not use consistent IP addresses to proxy requests.
# In this case, the client IP is usually preserved in a custom header. Example:
# Cloudflare preserves the client request in the 'Cf-Connecting-Ip' header.
# It would be used like so: configuration.ip_headers=['Cf-Connecting-Ip']
configuration.ip_headers = []

# If the specified header or X-Forwarded-For default contains a proxy chain with public IP addresses,
# then you must choose only one of the following (but not both):
# 1. The trusted_proxies value must match the known proxy IPs. This option is preferable if the IP is static.
# 2. The trusted_proxy_depth value must be set to the number of known trusted proxies in the chain (see below).
# This option is preferable if the IPs are ephemeral, but the depth is consistent.

# Additionally, so that X-Forwarded-For and other headers yield the client IP address
# and not the address of a reverse proxy server, you can define trusted proxies,
# which help to pick the proper IP from those headers.

# To extract the client IP from the X-Forwarded-For header
# and not the address of a reverse proxy server, you must define all trusted public proxies.
# You can do this by listing all the proxy IPs, as strings or regular expressions,
# in the trusted_proxies setting
configuration.trusted_proxies = []
# or by providing the number of trusted proxies used in the chain
configuration.trusted_proxy_depth = 0
# Note that you must pick one approach over the other.

# If none of the options above can be defined and no other header holds the client IP,
# then you may set trust_proxy_chain = True to trust all of the proxy IPs in X-Forwarded-For
configuration.trust_proxy_chain = False
# *Warning*: this mode is highly promiscuous and could lead to wrongly trusting a spoofed IP if the request passes through a malicious proxy

# *Note: the default list of proxies that are always marked as "trusted" can be found in: Castle::Configuration::TRUSTED_PROXIES
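
The proxy settings above decide which entry of X-Forwarded-For is treated as the client. The following is an added example, not the SDK's code: `resolve_client_ip`, `is_trusted` and `ALWAYS_TRUSTED` are hypothetical names, the addresses are constructed, and it models only the rules stated in the comments above.

```python
import ipaddress
import re

# Constructed stand-in for the SDK's always-trusted defaults (an assumption):
# loopback and private ranges are treated as internal proxies.
ALWAYS_TRUSTED = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_trusted(ip, trusted_proxies):
    """True if ip is in a default trusted range or matches a configured proxy."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a malformed entry is never treated as a trusted proxy
    # trusted_proxies entries may be exact strings or compiled regular expressions
    return (any(addr in net for net in ALWAYS_TRUSTED) or
            any(ip == p if isinstance(p, str) else bool(p.fullmatch(ip))
                for p in trusted_proxies))


def resolve_client_ip(xff, remote_addr, trusted_proxies=(),
                      trusted_proxy_depth=0, trust_proxy_chain=False):
    """Choose the client IP from an X-Forwarded-For value (hypothetical helper)."""
    if trusted_proxies and trusted_proxy_depth:
        raise ValueError("set trusted_proxies or trusted_proxy_depth, not both")
    chain = [hop.strip() for hop in xff.split(",") if hop.strip()]
    if not chain:
        return remote_addr
    if trust_proxy_chain:
        return chain[0]  # every hop is believed, including client-supplied ones
    if trusted_proxy_depth:
        chain = chain[:-trusted_proxy_depth]  # drop the hops our proxies appended
    # Walk from the nearest hop outwards; the first untrusted address is the client.
    for ip in reversed(chain):
        if not is_trusted(ip, trusted_proxies):
            return ip
    return chain[0] if chain else remote_addr


# Constructed request: client 203.0.113.50 sent its own X-Forwarded-For value
# (198.51.100.7); edge proxy 192.0.2.10 and load balancer 10.0.0.5 appended theirs.
SAMPLE_XFF = "198.51.100.7, 203.0.113.50, 192.0.2.10"
SAMPLE_REMOTE_ADDR = "10.0.0.5"

if __name__ == "__main__":
    for opts in ({}, {"trusted_proxies": [re.compile(r"192\.0\.2\.\d+")]},
                 {"trusted_proxy_depth": 1}, {"trust_proxy_chain": True}):
        print(opts, "->", resolve_client_ip(SAMPLE_XFF, SAMPLE_REMOTE_ADDR, **opts))
```

With no proxy settings the result is the edge proxy's address, and with `trust_proxy_chain` enabled the client-supplied entry is returned, which is the case the warning above refers to.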

Usage

See [documentation](https://docs.castle.io) for how to use this SDK with the Castle APIs.

Multi-environment configuration

It is also possible to define multiple configs within one application.

from castle.configuration import Configuration

# Initialize new instance of Castle::Configuration
config = Configuration()
config.api_secret = ':YOUR-API-SECRET'

After a successful setup, you can pass the config to any API command as follows:

from castle.api.get_device import APIGetDevice

# Get device data
APIGetDevice.call(device_token, config)

Signature

from castle.secure_mode import signature

signature(user_id)

will create a signed user_id.

Exceptions

CastleError will be raised if the Castle API returns a 400 or a 500 level HTTP response. You can also choose to catch a more fine-grained error.

Source Distribution

castle-6.1.0.tar.gz (21.1 kB)

Uploaded Source

Built Distribution

castle-6.1.0-py2.py3-none-any.whl (33.4 kB)

Uploaded Python 2 Python 3

File details

Details for the file castle-6.1.0.tar.gz.

File metadata

  • Download URL: castle-6.1.0.tar.gz
  • Upload date:
  • Size: 21.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.7 tqdm/4.63.0 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for castle-6.1.0.tar.gz
Algorithm Hash digest
SHA256 b9d842637f9a95760e6259fd0cd13349a1a6acd532036efe6c186eeb6a01bf2b
MD5 04f6ed4d59e5312816e28f02b66641f1
BLAKE2b-256 d82af3a5a6c568a2706e0a7e5db0388e973d8b72b3ccf86244bb57b46f2d1f95

File details

Details for the file castle-6.1.0-py2.py3-none-any.whl.

File metadata

  • Download URL: castle-6.1.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 33.4 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.7 tqdm/4.63.0 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for castle-6.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 410bc4f10407b487778d5aadfad7980b1335f207cbc852ee6fd8201273c88d25
MD5 d39cf1fc21a37a1927e8678ff4db68c3
BLAKE2b-256 da85a53764adf2731464e94db484cc0dd3a9d9dc0aec6a867de5321ef4b939ec
