Guardian SDK
Surt Guardian is a device intelligence SDK for mobile applications. It collects device signals, performs cryptographic attestation, and sends everything to the Surt backend for risk assessment. All security decisions are made server-side.
1
Install
Add the SDK to your project
2
Initialize
Configure at app startup
3
Verify
Call verify() on sensitive actions
How It Works
- Initialize the SDK at app startup with your API key
- Set customer context after user authentication
- Call
verify()orcollect()at security-sensitive moments (login, payment, etc.) - Receive a risk decision from
verify(), or an encrypted payload fromcollect()that your backend sends to Surt
The SDK handles device fingerprinting, attestation challenges, and data collection internally.
Two verification paths
verify()— SDK calls Surt directly, returnsallowed: true/falseto your appcollect()— SDK collects and encrypts data locally (zero Surt network calls), your backend calls Surt's evaluate endpoint
Platform Support
| Platform | Package | Distribution |
|---|---|---|
| React Native | @surtai/guardian-rn | npm |
| iOS (Swift) | SurtGuardianSDK | Swift Package Manager |
| Android (Kotlin) | com.surt.guardian:securitysdk | Maven (GitHub Packages) |
All platforms share the same API surface and are versioned in sync.
What It Collects
Without permissions: Hardware info, security indicators (root/jailbreak, emulator, debugger, VPN, Frida, Xposed, Magisk), software info, battery, network type.
With permissions (opt-in): GPS location, WiFi details, SIM/carrier info, camera info.
Quick Links
- Quick Start: get running in 5 minutes
- React Native: npm install + GuardianProvider
- iOS: Swift Package Manager setup
- Android: Maven/Gradle setup
- Authentication: API keys and access tokens
- Collect (Server-to-Server): backend-to-backend verification
- Risk Levels: understand risk assessment
- Configuration: all SDK options