Using the SDK (PHP Example)
Official repositories
- PHP: https://github.com/guardiankey/gtinc-sdk-php
- Python: https://github.com/guardiankey/gtinc-sdk-python
- Java: https://github.com/guardiankey/gtinc-sdk-java
- ASP: https://github.com/guardiankey/gtinc-sdk-asp
- .NET: https://github.com/guardiankey/gtinc-sdk-dotnet
- C#: https://github.com/guardiankey/gtinc-sdk-csharp
- Node.js: https://github.com/guardiankey/gtinc-sdk-node
Other SDKs
Check the GuardianKey organization for possible new SDKs: https://github.com/guardiankey
Purpose
This document provides a practical example of using the GKTinc SDK in PHP.
Important:
The GKTinc SDK is language-agnostic.
PHP is used here only as an implementation example because it is common in web applications, WordPress and legacy systems.
The same concepts apply to any language or framework that consumes the GKTinc API.
Overview of the flow
Integration touches two main points:
-
Server-side (PHP)
- Generate the JavaScript configuration object (
gktinc_config) - Validate the challenge after the form is submitted
- Generate the JavaScript configuration object (
-
Client-side (JavaScript)
- Automatically solve the challenge
- Insert
gktinc_solutioninto the form POST
Simplified flow:
User opens login page
↓
Server generates gktinc_config (PHP SDK)
↓
JS resolves the challenge automatically
↓
Form is submitted with gktinc_solution
↓
Server validates the challenge (PHP SDK)
Requirements
- PHP 5.5 or newer
- Access to the GKTinc API
- Include the official GKTinc JavaScript in the front end
Basic SDK configuration (PHP)
Initialization example
$config = array(
'api_key' => 'YOUR_API_KEY',
'protectiongroup_hashid' => 'YOUR_HASHID',
'default_challenge_level' => 3,
'api_url' => 'https://api.guardiankey.io/',
'sslverify' => true,
'log_file' => __DIR__ . '/gktinc.log',
);
$sdk = new GKTincSDK($config);
Main parameters:
| Parameter | Description |
|---|---|
| api_key | GKTinc API key |
| protectiongroup_hashid | Protected group identifier |
| default_challenge_level | Default challenge level |
| api_url | API base URL (optional) |
| sslverify | SSL verification (boolean) |
| log_file | Log file path (optional) |
Quick setup with Dashboard base64 (server-side)
In the Protection Group Deploy tab you can copy a base64 payload with the SDK settings. The PHP SDK accepts this base64 string directly in the constructor.
Example:
$sdk = new GKTincSDK('BASE64_FROM_PANEL');
This base64 is for the SDK configuration on the server. The browser still needs
the gktinc_config generated by the SDK (next section).
Generating the JavaScript configuration
The SDK dynamically generates the gktinc_config object used by the browser JS.
Example (PHP):
echo '<script>';
echo $sdk->get_javascript_config(
true, // pre_check: query challenge level before rendering
true // pre_enforce_block: block if pre-check returns BLOCK
);
echo '</script>';
Place this before loading the GKTinc JavaScript.
Including the GKTinc JavaScript
Add the official script in your front-end:
<script src="https://guardiankey.io/js/gktinc-setup-latest.js"></script>
Initializing GKTinc on the form
gktinc-setup-latest.js automatically attaches to forms on the page. In most
cases you only need to call gktinc_init with the configuration generated by
the SDK.
Minimal example:
<script>
gktinc_init(gktinc_config);
</script>
If you want to manually target a specific form, you can still do it as below.
Example (HTML + JS):
<form id="loginform" method="post">
<input type="text" id="username" name="username">
<input type="password" name="password">
<button type="submit">Login</button>
</form>
<script>
var formElement = document.getElementById('loginform');
var inputElement = document.getElementById('username');
gktinc_init(
gktinc_config,
formElement,
inputElement,
true
);
</script>
At this point:
- The challenge is solved automatically
- The
gktinc_solutionfield is inserted into the POST
Validating the challenge on the backend (PHP)
After form submit, validate the challenge using the SDK.
If you passed an input element to gktinc_init, send its value to
validate_challenge (e.g. the username).
Example:
if (!empty($_POST['gktinc_solution'])) {
$username = isset($_POST['username']) ? $_POST['username'] : '';
$result = $sdk->validate_challenge(
$username,
true // indicates a prior pre-check occurred
);
if ($result['action'] === 'BLOCK') {
die('Access blocked by GKTinc');
}
}
Validation result includes (among other fields):
- action: ACCEPT or BLOCK
- score: risk score
- country, city
- ip_policy
Fail-open behavior
By default the SDK operates in fail-open mode:
- If the API is unavailable
- If
gktinc_solutionis not present in the POST - If there is a communication error
→ Access is not blocked automatically.
Adjust this behavior according to your application security policy.
Notes
- This document shows a PHP example; the flow is the same for any language.
- You can call the GKTinc API directly without using the SDK.
- The JavaScript is required to generate the
gktinc_solution. - The SDK abstracts salt calculation, payload building and error handling.
For other language integrations, see the API usage and stack-specific examples.