{"id":19745178,"url":"https://github.com/castle/castle-python","last_synced_at":"2025-07-02T08:38:37.835Z","repository":{"id":25693326,"uuid":"96943835","full_name":"castle/castle-python","owner":"castle","description":"Python library for Castle","archived":false,"fork":false,"pushed_at":"2022-03-22T21:31:23.000Z","size":277,"stargazers_count":3,"open_issues_count":0,"forks_count":5,"subscribers_count":18,"default_branch":"develop","last_synced_at":"2025-04-30T07:43:24.008Z","etag":null,"topics":["castle","fraud-detection","fraud-prevention","python","sdk"],"latest_commit_sha":null,"homepage":"https://castle.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/castle.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-11T22:55:37.000Z","updated_at":"2023-02-02T16:43:11.000Z","dependencies_parsed_at":"2022-07-25T14:52:06.144Z","dependency_job_id":null,"html_url":"https://github.com/castle/castle-python","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/castle/castle-python","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2Fcastle-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2Fcastle-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2Fcastle-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2Fcastle-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/castle","download_url":"https://codeload.github.com/castle/castle-python/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castle%2Fcastle-python/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263105377,"owners_count":23414643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["castle","fraud-detection","fraud-prevention","python","sdk"],"created_at":"2024-11-12T02:04:44.220Z","updated_at":"2025-07-02T08:38:37.808Z","avatar_url":"https://github.com/castle.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Python SDK for Castle\n=====================\n\n.. image:: https://circleci.com/gh/castle/castle-python.svg?style=shield\u0026branch=master\n   :alt: Build Status\n   :target: https://circleci.com/gh/castle/castle-python\n\n`Castle \u003chttps://castle.io\u003e`_ **analyzes user behavior in web and mobile apps to stop fraud before it happens.**\n\nInstallation\n------------\n\n``pip install castle``\n\nConfiguration\n-------------\n\nImport and configure the library with your Castle API secret.\n\n.. code:: python\n\n    from castle.configuration import configuration, DEFAULT_ALLOWLIST\n\n    # Same as setting it through Castle.api_secret\n    configuration.api_secret = ':YOUR-API-SECRET'\n\n    # For authenticate method you can set failover strategies: allow(default), deny, challenge, throw\n    configuration.failover_strategy = 'deny'\n\n    # Castle::RequestError is raised when timing out in milliseconds (default: 1000 milliseconds)\n    configuration.request_timeout = 1500\n\n    # Base Castle API url\n    # configuration.base_url = \"https://api.castle.io/v1\"\n\n    # Logger (need to respond to info method) - logs Castle API requests and responses\n    # configuration.logger = logging.getLogger()\n\n    # Allowlisted and Denylisted headers are case insensitive\n    # and allow to use _ and - as a separator, http prefixes are removed\n    # By default all headers are passed, but some are automatically scrubbed.\n    # If you need to apply an allowlist, we recommend using the minimum set of\n    # standard headers that we've exposed in the `DEFAULT_ALLOWLIST` constant.\n    # Allowlisted headers\n    configuration.allowlisted = DEFAULT_ALLOWLIST + ['X_HEADER']\n\n    # Denylisted headers take advantage over allowlisted elements. Note that\n    # some headers are always scrubbed, for security reasons.\n    configuration.denylisted = ['HTTP-X-header']\n\n    # Castle needs the original IP of the client, not the IP of your proxy or load balancer.\n    # The SDK will only trust the proxy chain as defined in the configuration.\n    # We try to fetch the client IP based on X-Forwarded-For or Remote-Addr headers in that order,\n    # but sometimes the client IP may be stored in a different header or order.\n    # The SDK can be configured to look for the client IP address in headers that you specify.\n\n    # Sometimes, Cloud providers do not use consistent IP addresses to proxy requests.\n    # In this case, the client IP is usually preserved in a custom header. Example:\n    # Cloudflare preserves the client request in the 'Cf-Connecting-Ip' header.\n    # It would be used like so: configuration.ip_headers=['Cf-Connecting-Ip']\n    configuration.ip_headers = []\n\n    # If the specified header or X-Forwarded-For default contains a proxy chain with public IP addresses,\n    # then you must choose only one of the following (but not both):\n    # 1. The trusted_proxies value must match the known proxy IPs. This option is preferable if the IP is static.\n    # 2. The trusted_proxy_depth value must be set to the number of known trusted proxies in the chain (see below).\n    # This option is preferable if the IPs are ephemeral, but the depth is consistent.\n\n    # Additionally to make X-Forwarded-For and other headers work better discovering client ip address,\n    # and not the address of a reverse proxy server, you can define trusted proxies\n    # which will help to fetch proper ip from those headers\n\n    # In order to extract the client IP of the X-Forwarded-For header\n    # and not the address of a reverse proxy server, you must define all trusted public proxies\n    # you can achieve this by listing all the proxies ip defined by string or regular expressions\n    # in the trusted_proxies setting\n    configuration.trusted_proxies = []\n    # or by providing number of trusted proxies used in the chain\n    configuration.trusted_proxy_depth = 0\n    # note that you must pick one approach over the other.\n\n    # If there is no possibility to define options above and there is no other header that holds the client IP,\n    # then you may set trust_proxy_chain = true to trust all of the proxy IPs in X-Forwarded-For\n    configuration.trust_proxy_chain = false\n    # *Warning*: this mode is highly promiscuous and could lead to wrongly trusting a spoofed IP if the request passes through a malicious proxy\n\n    # *Note: the default list of proxies that are always marked as \"trusted\" can be found in: Castle::Configuration::TRUSTED_PROXIES\n\nUsage\n-------------------------------\n\nSee [documentation](https://docs.castle.io) for how to use this SDK with the Castle APIs\n\n\nMulti-environment configuration\n-------------------------------\n\nIt is also possible to define multiple configs within one application.\n\n.. code:: python\n\n    from castle.configuration import Configuration\n\n    # Initialize new instance of Castle::Configuration\n    config = Configuration()\n    config.api_secret = ':YOUR-API-SECRET'\n\nAfter a successful setup, you can pass the config to any API command as follows:\n\n.. code:: python\n\n    from castle.api.get_device import APIGetDevice\n\n    # Get device data\n    APIGetDevice.call(device_token, config)\n\n\nSignature\n---------\n\n.. code:: python\n\n    from secure_mode import signature\n\n    signature(user_id)\n\nwill create a signed user_id.\n\nExceptions\n----------\n\n``CastleError`` will be thrown if the Castle API returns a 400 or a 500\nlevel HTTP response. You can also choose to catch a more `finegrained\nerror \u003chttps://github.com/castle/castle-python/blob/master/castle/errors.py\u003e`__.\n\n\n.. |Build Status| image:: https://travis-ci.org/castle/castle-python.svg?branch=master\n   :target: https://travis-ci.org/castle/castle-python\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastle%2Fcastle-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcastle%2Fcastle-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastle%2Fcastle-python/lists"}