How it works
⚙️ 2. How It Works
GKTinc operates by adding a lightweight cryptographic challenge, automatically solved in the user's browser and validated via API on the backend. This helps identify and deter automated requests without impacting the experience of legitimate users. The Basic version provides the standard challenge flow, while Enhanced offers the full feature set described in the enhanced integration sections.
🔐 Workflow
Browser (Frontend)
- The page's HTML (e.g., login) loads the
gktc.jsscript from GuardianKey. - When submitting the
<form>, JavaScript performs a lightweight cryptographic calculation based on:- Session ID
- User identifier (username, email, or equivalent)
- Dynamic variables (salt, timestamp, nonce)
- The result is automatically injected as hidden fields in the form.
- Basic: uses the standard challenge parameters.
- Enhanced: enables additional configuration options available in the enhanced integration.
Server (Backend)
- The backend (PHP, Python, Java, etc.) receives the POST containing the challenge data.
- The
checkgktinc()function (or equivalent in the chosen language) is called with the received data. - The backend submits this data to the GKTinc API.
- The API responds with:
- VALID: The challenge was correctly solved in the browser.
- INVALID: The challenge is invalid or missing — likely automation.
Decision
- The protected system should only proceed (e.g., authenticate the user) if the challenge is VALID.
💡 Technical Notes
- GKTinc does not rely on cookies, fingerprinting, or reputation databases. It is based solely on the local execution of the cryptographic challenge.
- It can be integrated with any backend language, as long as it is possible to:
- Receive POST data with the challenge fields
- Make an HTTP request to the GKTinc API
- The challenge complexity is adjustable, allowing you to tune the computational load according to the endpoint's risk.
- Basic provides a consistent default complexity.
- Enhanced exposes additional options described in the enhanced integration.