Skip to main content

Integration

🚀 3. How to Deploy​

Deploying GKTinc is simple and modular—similar to solutions like reCAPTCHA—but without the need for visual interaction. Just add a script to your frontend and perform a verification on the backend. It can be used with any programming language (e.g., PHP, Python, Node, Java, etc.).

🧱 Basic Requirements​

  • Frontend with JavaScript enabled.
  • Backend capable of making an HTTP POST request to the GKTinc API.
  • Have the session ID and a unique identifier (such as username or email) available at the time of submission.

🔧 Step by Step​

1. Frontend (HTML + JS)​

Add the GKTinc script to your page:

<script src="https://guardiankey.io/pt-br/gktc.js"></script>

Adapt your form to trigger the challenge before submitting:

<form method="POST" action="/login" onsubmit="return GKChallengeInject(this);">
    <input type="text" name="username" required>
    <input type="password" name="password" required>
    <input type="hidden" name="sessionid" value="..."> <!-- Session ID provided by the backend -->
    <!-- Challenge fields (gk_token, gk_ts, etc.) will be added automatically -->
    <button type="submit">Login</button>
</form>

The GKChallengeInject() function solves the challenge and automatically injects the required fields into the form at submit time.

2. Backend (PHP Example)​

On the server that receives the POST, use the checkgktinc() function to validate the challenge:

require_once('guardiankey.class.php');

$gk = new GuardianKey();
$is_valid = $gk->checkgktinc($_POST);

if ($is_valid) {
        // proceed with authentication
} else {
        // reject or log suspicious attempt
}

The checkgktinc() function handles communication with the GKTinc API, interprets the result, and returns true or false.

📌 Considerations​

  • GKTinc requires your backend to validate the token received in the POST request, similar to how CAPTCHAs work (see the checkgktinc() function in the example).
  • If you have already integrated reCAPTCHA, you will notice that GKTinc avoids complexities such as public/private keys, token expiration, IP validation, etc.
  • In SPA applications or APIs, challenge data can also be sent via JavaScript (XHR/Fetch) along with the request body.