Quick Start

1

Install

Add the SDK to your project

2

Initialize

Configure at app startup

3

Mint a JWT & Verify

Fetch a fresh JWT, then call verify()

1. Install

Web

npm install @surtai/guardian-web@0.3.0

React Native

npm install @surtai/guardian-rn@0.3.0
cd ios && pod install && cd ..

iOS

In Xcode: File → Add Package Dependencies → enter https://github.com/surtTech/surt-guardian-sdk, version 0.3.0.

Android

build.gradle.kts

dependencies {
    implementation("com.surt.guardian:securitysdk:0.3.0")
}

2. Initialize

Web

No initialization step, the web SDK exposes a single static collect() function with no provider and no setup. Skip to step 3.

React Native

App.tsx

import { GuardianProvider } from '@surtai/guardian-rn';

export default function App() {
  return (
    <GuardianProvider environment="production">
      <Navigation />
    </GuardianProvider>
  );
}

iOS

AppDelegate.swift

import SurtGuardianSDK

GuardianSDK.initialize(
    options: GuardianOptions(environment: .production)
)

Android

MyApplication.kt

import com.surt.guardian.GuardianSDK
import com.surt.guardian.core.Environment
import com.surt.guardian.core.GuardianOptions

GuardianSDK.initialize(
    context = this,
    options = GuardianOptions(environment = Environment.Production)
)

The client never holds your sp_live_* API key. It lives on your backend, which mints the short-lived JWTs used below.

3. Mint a JWT & Verify

Before each verification, your app fetches a short-lived JWT from your own backend (which mints it via Surt's preflight endpoint). In the examples below, fetchVerifyJwt() is your helper that returns the JWT string.

tip

Always fetch a fresh JWT immediately before each verify() call. The attestation nonce embedded in the JWT is single-use - reusing a JWT causes attestation to fail.

Web

Web is collect-only, the SDK returns an encrypted payload your backend forwards to Surt.

SignInButton.tsx

import { collect } from '@surtai/guardian-web';

async function handleSignIn() {
  const { payload } = await collect({ collectLocation: false });

  await fetch('/api/sign-in', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ userId: 'user_123', payload }),
  });
  // Your /api/sign-in forwards `payload` to Surt's evaluate endpoint
  // and decides what to return to the client.
}

React Native

LoginScreen.tsx

import { useGuardian } from '@surtai/guardian-rn';

function LoginScreen() {
  const { verify } = useGuardian();

  const handleLogin = async () => {
    const jwt = await fetchVerifyJwt();
    const result = await verify(jwt);

    if (result.allowed) {
      // Proceed
    } else {
      // Blocked - check result.riskLevel
    }
  };
}

iOS

let jwt = try await fetchVerifyJwt()
let result = try await GuardianSDK.shared.verify(jwt: jwt)

if result.allowed {
    // Proceed
}

Android

val jwt = fetchVerifyJwt()
val result = GuardianSDK.getInstance().verifySuspend(jwt = jwt)

if (result.allowed) {
    // Proceed
}

Next Steps

Choose your platform for the full integration guide:

• Web (Browser)
• React Native
• iOS (Swift)
• Android (Kotlin)