Skip to main content

Castle protects your users from account compromise

Project description

Build Status

Castle analyzes device, location, and interaction patterns in your web and mobile apps and lets you stop account takeover attacks in real-time.


pip install castle


import and configure the library with your Castle API secret.

from castle.configuration import configuration

# Same as setting it through Castle.api_secret
configuration.api_secret = ':YOUR-API-SECRET'

# For authenticate method you can set failover strategies: allow(default), deny, challenge, throw
configuration.failover_strategy = 'deny'

# Castle::RequestError is raised when timing out in milliseconds (default: 500 milliseconds)
configuration.request_timeout = 1000

# Whitelisted and Blacklisted headers are case insensitive and allow to use _ and - as a separator, http prefixes are removed
# Whitelisted headers
configuration.whitelisted = ['X_HEADER']
# or append to default
configuration.whitelisted = configuration.whitelisted + ['http-x-header']

# Blacklisted headers take advantage over whitelisted elements
configuration.blacklisted = ['HTTP-X-header']
# or append to default
configuration.blacklisted = configuration.blacklisted + ['X_HEADER']


Here is a simple example of track event.

from castle.client import Client
from castle import events

castle = Client.from_request(request)
  'event': events.LOGIN_SUCCEEDED,
  'user_id': 'user_id'

The client will automatically configure the context for each request.


from secure_mode import signature


will create a signed user_id.

Async tracking

By default Castle sends requests synchronously. To send requests in a background worker you can generate data for a worker:

from castle.client import Client
from castle import events

context = Client.to_context(request)
options = Client.to_options({
  'event': events.LOGIN_SUCCEEDED,
  'properties': {
    'key': 'value'
  'user_traits': {
    'key': 'value'

and use it later in a way

from castle.client import Client

client = Client(context)


CastleError will be thrown if the Castle API returns a 400 or a 500 level HTTP response. You can also choose to catch a more finegrained error.


Documentation and links to additional resources are available at

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
castle-2.3.1-py2.py3-none-any.whl (35.6 kB) Copy SHA256 hash SHA256 Wheel py2.py3
castle-2.3.1.tar.gz (19.5 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page