Integration
🚀 3. How to Deploy​
Deploying GKTinc is simple and modular—similar to solutions like reCAPTCHA—but without the need for visual interaction. Just add a script to your frontend and perform a verification on the backend. It can be used with any programming language (e.g., PHP, Python, Node, Java, etc.).
🧱 Basic Requirements​
- Frontend with JavaScript enabled.
- Backend capable of making an HTTP POST request to the GKTinc API.
- Have the session ID and a unique identifier (such as username or email) available at the time of submission.
🔧 Step by Step​
1. Frontend (HTML + JS)​
Add the GKTinc script to your page:
<script src="https://guardiankey.io/pt-br/gktc.js"></script>
Adapt your form to trigger the challenge before submitting:
<form method="POST" action="/login" onsubmit="return GKChallengeInject(this);">
<input type="text" name="username" required>
<input type="password" name="password" required>
<input type="hidden" name="sessionid" value="..."> <!-- Session ID provided by the backend -->
<!-- Challenge fields (gk_token, gk_ts, etc.) will be added automatically -->
<button type="submit">Login</button>
</form>
The GKChallengeInject()
function solves the challenge and automatically injects the required fields into the form at submit time.
2. Backend (PHP Example)​
On the server that receives the POST, use the checkgktinc()
function to validate the challenge:
require_once('guardiankey.class.php');
$gk = new GuardianKey();
$is_valid = $gk->checkgktinc($_POST);
if ($is_valid) {
// proceed with authentication
} else {
// reject or log suspicious attempt
}
The checkgktinc()
function handles communication with the GKTinc API, interprets the result, and returns true or false.
📌 Considerations​
- GKTinc requires your backend to validate the token received in the POST request, similar to how CAPTCHAs work (see the
checkgktinc()
function in the example). - If you have already integrated reCAPTCHA, you will notice that GKTinc avoids complexities such as public/private keys, token expiration, IP validation, etc.
- In SPA applications or APIs, challenge data can also be sent via JavaScript (XHR/Fetch) along with the request body.