Castle Destination

Destination Info
  • Browser
Connection Modes
Device-mode Cloud-mode
Web Web
Mobile Mobile
Server Server

Castle monitors every step of the customer journey to help visualize and proactively block fraud that would otherwise fly under the radar. Types of fraud or abuse that can be managed include bots, fake accounts, multi-accounting, and account sharing.

Castle maintains this destination. For any issues with the destination, contact the Castle support team.

Getting Started

  1. Navigate to Connections > Catalog in the Segment web app.
  2. Search for Castle in the Destinations tab of the catalog, and select it, and click Configure Castle.
  3. Choose the sources you want to connect the destination to.
  4. Enter the “Publishable Key” the Publishable Key field. Find the Publishable Key on the Castle dashboard. Calls are now visible in Castle dashboards in real-time.

Castle ingests Segment Client-side events. Server-side events are dropped and not processed. Castle only supports web integrations through Segment, but is in the process of working on mobile support.


If you’re not familiar with the Segment Specs, take a look to understand what the Page call does. An example call looks like:

Segment sends Page calls to Castle as $page events.


If you’re not familiar with the Segment Specs, take a look to understand what the Track method does. An example call looks like:

analytics.track('Added to Cart')

Segment sends Track calls to Castle as a $custom events.

Secure Mode

Send user information as a signed JWT when you use Castle in production. This prevents bad actors from spoofing any user information.

In your backend code, encode the user as a JWT and sign it using your Castle “API Secret”. When Castle receives the JWT, the integrity of the user data is verified to ensure that the data wasn’t tampered with.

Below is an example of how to generate a JWT on your backend using the Ruby language:

jwt_from_backend = JWT.encode({
  id: '97980cfea0067',
  email: ''
}, ENV.fetch('CASTLE_API_SECRET'), 'HS256')

Transfer the user_jwt object to your frontend through a separate API call, or by injecting the code using a templating language:

var userJwt = "<%= jwt_from_backend %>";

// Then use the `userJwt` argument instead of `user` when using any of the tracking methods{userJwt: userJwt});

analytics.identify('97980cfea0067', {
  email: '',
}, {
  Castle: {
    userJwt: userJwt

When Castle receives a JWT version of the user object, its contents override the user object sent the standard Segment way.


Segment lets you change these destination settings from the Segment app without having to touch any code.

Setting Description
Automatic Page tracking boolean, defaults to FALSE .

When you enable automatic page tracking, Castle will track a page view whenever the url of the site changes as opposed to mapping explicitly to your implementation of Segment .page() calls.
string. If your authenticated area is located at a different domain, use the cookie domain setting to change on which url the cookie is set.
API Publishable Key
string. You can find your publishable key under Settings in the Castle dashboard. It should look something like this: pk_KmoUyttyEiHCdFTWSqhAF1SL1z9Fi1yg. This is required and will be used to initialize Castle’s library on your device as well as when you make mobile/server calls through our server side integration.

This page was last modified: 06 Oct 2022

Get started with Segment

Segment is the easiest way to integrate your websites & mobile apps data to over 300 analytics and growth tools.
Create free account