⚙️ 2. How It Works

GKTinc operates by adding a lightweight cryptographic challenge, automatically solved in the user's browser and validated via API on the backend. This helps identify and deter automated requests without impacting the experience of legitimate users.

🔐 Workflow

Browser (Frontend)

  • The page's HTML (e.g., login) loads the gktc.js script from GuardianKey.
  • When submitting the <form>, JavaScript performs a lightweight cryptographic calculation based on:
    • Session ID
    • User identifier (username, email, or equivalent)
    • Dynamic variables (salt, timestamp, nonce)
  • The result is automatically injected as hidden fields in the form.

Server (Backend)

  • The backend (PHP, Python, Java, etc.) receives the POST containing the challenge data.
  • The checkgktinc() function (or equivalent in the chosen language) is called with the received data.
  • The backend submits this data to the GKTinc API.
  • The API responds with:
    • VALID: The challenge was correctly solved in the browser.
    • INVALID: The challenge is invalid or missing — likely automation.

Decision

  • The protected system should only proceed (e.g., authenticate the user) if the challenge is VALID.
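
The backend decision step above, sketched in Python as an added example (not GuardianKey's code). The hidden-field names, the api_call transport and the return strings are assumptions of this sketch, since the real checkgktinc() signature and API request format are not shown on this page; it treats missing fields and API errors as not VALID, so the credential check never runs for them.

```python
from typing import Callable, Mapping

# Hypothetical hidden-field names; the real ones are set by gktc.js.
CHALLENGE_FIELDS = ("gkt_response", "gkt_salt", "gkt_timestamp", "gkt_nonce")


def challenge_is_valid(post: Mapping[str, str], session_id: str,
                       api_call: Callable[[dict], str]) -> bool:
    """True only when the API verdict is exactly VALID; anything else fails closed."""
    required = CHALLENGE_FIELDS + ("username",)
    if any(not post.get(name) for name in required):
        return False  # missing challenge data: treat like INVALID, skip the API call
    payload = {name: post[name] for name in required}
    payload["session_id"] = session_id
    try:
        verdict = api_call(payload)  # assumed transport: returns the API's verdict string
    except Exception:
        return False  # API unreachable or errored: not VALID, so do not proceed
    return verdict == "VALID"


def handle_login(post, session_id, api_call, authenticate) -> str:
    """Run the credential check only after the challenge has been validated."""
    if not challenge_is_valid(post, session_id, api_call):
        return "challenge-rejected"
    if authenticate(post["username"], post.get("password", "")):
        return "authenticated"
    return "bad-credentials"


# Constructed sample data and stand-ins so the example runs offline.
SAMPLE_POST = {"username": "alice", "password": "correct horse",
               "gkt_response": "ab12", "gkt_salt": "s1",
               "gkt_timestamp": "1700000000", "gkt_nonce": "n1"}

def stub_api(verdict: str) -> Callable[[dict], str]:
    return lambda payload: verdict

def stub_authenticate(username: str, password: str) -> bool:
    return (username, password) == ("alice", "correct horse")

if __name__ == "__main__":
    print(handle_login(SAMPLE_POST, "sess-1", stub_api("VALID"), stub_authenticate))
    print(handle_login(SAMPLE_POST, "sess-1", stub_api("INVALID"), stub_authenticate))
```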

💡 Technical Notes

  • GKTinc does not rely on cookies, fingerprinting, or reputation databases. It is based solely on the local execution of the cryptographic challenge.
  • It can be integrated with any backend language, as long as it is possible to:
    • Receive POST data with the challenge fields
    • Make an HTTP request to the GKTinc API
  • The challenge complexity is adjustable, allowing you to tune the computational load according to the endpoint's risk.