Skip to main content
Version: Guardian v0.2.1 (deprecated)

Guardian SDK

Surt Guardian is a device intelligence SDK for mobile and web applications. It collects device signals, performs cryptographic attestation where available, and sends everything to the Surt backend for risk assessment. All security decisions are made server-side.

1
Install
Add the SDK to your project
2
Initialize
Configure at app startup
3
Verify
Call verify() on sensitive actions

How It Works

  1. Initialize the SDK at app startup with your API key
  2. Set customer context after user authentication
  3. Call verify() or collect() at security-sensitive moments (login, payment, etc.)
  4. Receive a risk decision from verify(), or an encrypted payload from collect() that your backend sends to Surt

The SDK handles device fingerprinting, attestation challenges, and data collection internally.

Two verification paths

  • verify(): SDK calls Surt directly, returns allowed: true/false to your app. Native SDKs only.
  • collect(): SDK collects and encrypts data locally (zero Surt network calls), your backend calls Surt's evaluate endpoint. Supported on every platform, including web.

Platform Support

PlatformPackageDistributionverify()collect()
Web (Browser)@surtai/guardian-webnpmn/a
React Native@surtai/guardian-rnnpm
iOS (Swift)SurtGuardianSDKSwift Package Manager
Android (Kotlin)com.surt.guardian:securitysdkMaven (GitHub Packages)

Native platforms share the same API surface and are versioned in sync. The web SDK is collect-only: it has no API key in the browser, no verify(), and no app-level initialization.

What It Collects

Without permissions: Hardware info, security indicators (root/jailbreak, emulator, debugger, VPN, Frida, Xposed, Magisk), software info, battery, network type.

With permissions (opt-in): GPS location, WiFi details, SIM/carrier info, camera info.