castle-go is a Go library wrapping the https://castle.io API.
go get github.com/utilitywarehouse/castle-go
castle.NewWithHTTPClient("secret-api-key", &http.Client{Timeout: time.Second * 2})The pkg wraps the two Risk Assessment endpoints of the Castle API: Risk and Filter.
The difference between the two are better explained in the docs:
The biggest difference between the Risk API and the Filter API is the former is used for checking a user that has successfully logged in (so you measure risk of their actions in your app), whereas the latter is used to check visitors, before they log in (so you filter out abusive behavior).
The right usage of the Filter API and rest of the technical differences are laid out here.
All in all, use Filter API for anonymous user events, and Risk API for logged in users. The model of the endpoints is almost the same, the request is almost identical while the response is 100%. Both return risk assessment scores, which depending on the flow (event and status) might be ignored.
Package returns castle.APIError type for all Castle API errors, which are responses with any non 2** status codes. The error type contains both the status code and the response body.
Metrics are enabled by default. Pass castle.WithMetrics(false) to the constructor to disable them.
The Log API is currently not exposed in this pkg, as it is not a risk assessment endpoint, therefore the general risk scoring is not affected by it:
Scores are computed in real time from the data sent via the Risk and Filter APIs 1
Note that these can also be sent to the Log API, but that would degrade risk scoring performance since the risk score isn't evaluated for Log events 2
Originally forked from castle/castle-go now it lives on its own. The original repo has not been maintained, and as of today only supports long deprecated Castle APIs.