Skip to main content

Integration of Basic Dissuasion

GKTinc basic Dissuation

This guide covers the integration of the basic GKTinc version. For the complete set of GKTinc features, please refer to the GKTinc Enhanced sections later in this document.

🚀 How to Deploy

Deploying GKTinc Basic is simple and modular—similar to solutions like reCAPTCHA—but without the need for visual interaction. Just add a script to your frontend and perform a verification on the backend. It can be used with any programming language (e.g., PHP, Python, Node, Java, etc.).

🧱 Basic Requirements

  • Frontend with JavaScript enabled.
  • Backend capable of making an HTTP POST request to the GKTinc API.
  • Have the session ID and a unique identifier (such as username or email) available at the time of submission.

🔧 Step by Step

1. Frontend (HTML + JS)

Add the GKTinc script to your page:

<script src="https://guardiankey.io/pt-br/gktc.js"></script>

Adapt your form to trigger the challenge before submitting:

<form method="POST" action="/login" onsubmit="return GKChallengeInject(this);">
    <input type="text" name="username" required>
    <input type="password" name="password" required>
    <input type="hidden" name="sessionid" value="..."> <!-- Session ID provided by the backend -->
    <!-- Challenge fields (gk_token, gk_ts, etc.) will be added automatically -->
    <button type="submit">Login</button>
</form>

The GKChallengeInject() function solves the challenge and automatically injects the required fields into the form at submit time.

2. Backend (PHP Example)

On the server that receives the POST, use the checkgktinc() function to validate the challenge:

require_once('guardiankey.class.php');

$gk = new GuardianKey();
$is_valid = $gk->checkgktinc($_POST);

if ($is_valid) {
        // proceed with authentication
} else {
        // reject or log suspicious attempt
}

The checkgktinc() function handles communication with the GKTinc API, interprets the result, and returns true or false.

📌 Considerations

  • GKTinc requires your backend to validate the token received in the POST request, similar to how CAPTCHAs work (see the checkgktinc() function in the example).
  • If you have already integrated reCAPTCHA, you will notice that GKTinc avoids complexities such as public/private keys, token expiration, IP validation, etc.
  • In SPA applications or APIs, challenge data can also be sent via JavaScript (XHR/Fetch) along with the request body.