Skip to main content

Reactors

For an overview of Reactors and when to use them, see What are Reactors?.

Runtime Options

Reactors run in Basis Theory's Runtime environment and support the next images:

RuntimeDescriptionProvisioning
node-btDefault runtime with curated dependencies. No runtime object needed.Synchronous
node22Modern Node.js 22 that offers dependency customization.Asynchronous

Create Reactor

Create a new Reactor for the Tenant.

POST
https://api.basistheory.com/reactors
Copy

node22 provisioning is asynchronous. Check valid states for execution.

Permissions

reactor:create

Request

javascript='module.exports = async function (req) {
  // Do something with req.configuration.SERVICE_API_KEY

  return {
    raw: {
      foo: "bar"
    }
  };
};'

curl "https://api.basistheory.com/reactors" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
  -H "Content-Type: application/json" \
  -X "POST" \
  -d '{
    "name": "My Reactor",
    "code": '"$(echo $javascript | jq -Rsa .)"',
    "configuration": {
      "SERVICE_API_KEY": "key_abcd1234"
    },
    "application": {
      "id": "45c124e7-6ab2-4899-b4d9-1388b0ba9d04"
    }
  }'

Request Parameters

AttributeRequiredTypeRuntimeDescription
nametruestringAllThe name of the reactor. Has a maximum length of 200
codetruestringAllReactor code which will be executed when the Reactor is processed
configurationfalsemap<string, string>AllA string key and string value map of predefined configuration names and values accessible from the Reactor code
runtimefalseRuntime ObjectAllRuntime configuration for the reactor.
application.idfalseuuidnode-btThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns a Reactor if the Reactor was created. Returns an error if there were validation errors, or the Reactor failed to create.

{
  "id": "5b493235-6917-4307-906a-2cd6f1a90b13",
  "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
  "name": "My Reactor",
  "code": "
    module.exports = async function (req) {
      // Do something with req.configuration.SERVICE_API_KEY

      return {
        raw: {
          foo: 'bar',
        }
      };
    };
  ",
  "application": {...},
  "configuration": {
    "SERVICE_API_KEY": "key_abcd1234"
  },
  "created_by": "3ce0dceb-fd0b-4471-8006-c51243c9ef7a",
  "created_at": "2020-09-15T15:53:00+00:00"
}

List Reactors

Get a list of reactors for the Tenant.

GET
https://api.basistheory.com/reactors
Copy

Permissions

reactor:read

Request

curl "https://api.basistheory.com/reactors" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>"

Query Parameters

ParameterRequiredTypeDefaultDescription
idfalsearray[]An optional list of Reactor ID's to filter the list of reactors by
namefalsestringnullWildcard search of reactors by name

Response

Returns a paginated object with the data property containing an array of reactors. Providing any query parameters will filter the results. Returns an error if reactors could not be retrieved.

{
  "pagination": {...}
  "data": [
    {
      "id": "5b493235-6917-4307-906a-2cd6f1a90b13",
      "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
      "name": "My Reactor",
      "code": "
        module.exports = async function (req) {
          // Do something with req.configuration.SERVICE_API_KEY

          return {
            raw: {
              foo: 'bar',
            }
          };
        };
      ",
      "configuration": {
        "SERVICE_API_KEY": "key_abcd1234"
      },
      "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
      "created_at": "2020-09-15T15:53:00+00:00",
      "modified_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
      "modified_at": "2021-03-01T08:23:14+00:00"
    },
    {...},
    {...}
  ]
}

Get a Reactor

Get a Reactor by ID in the Tenant.

GET
https://api.basistheory.com/reactors/{id}
Copy

Permissions

reactor:read

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>"

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Response

Returns a Reactor with the id provided. Returns an error if the Reactor could not be retrieved.

{
  "id": "5b493235-6917-4307-906a-2cd6f1a90b13",
  "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
  "name": "My Reactor",
  "code": "
    module.exports = async function (req) {
      // Do something with req.configuration.SERVICE_API_KEY

      return {
        raw: {
          foo: 'bar',
        }
      };
    };
  ",
  "configuration": {
    "SERVICE_API_KEY": "key_abcd1234"
  },
  "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
  "created_at": "2020-09-15T15:53:00+00:00",
  "modified_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
  "modified_at": "2021-03-01T08:23:14+00:00"
}

Update Reactor

Update a Reactor by ID in the Tenant.

PUT
https://api.basistheory.com/reactors/{id}
Copy

node22 updates are asynchronous. Check valid states where node22 can be updated.

Permissions

reactor:update

Request

javascript='module.exports = async function (req) {
  // Do something with req.configuration.SERVICE_API_KEY

  return {
    raw: {
      foo: "bar"
    }
  };
};'

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
  -H "Content-Type: application/json" \
  -X "PUT" \
  -d '{
    "name": "My Reactor",
    "code": '"$(echo $javascript | jq -Rsa .)"',
    "configuration": {
      "SERVICE_API_KEY": "key_abcd1234"
    },
    "application": {
      "id": "45c124e7-6ab2-4899-b4d9-1388b0ba9d04"
    }
  }'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Request Parameters

AttributeRequiredTypeRuntimeDescription
nametruestringAllThe name of the reactor. Has a maximum length of 200
codetruestringAllReactor code which will be executed when the Reactor is processed
configurationfalsemap<string, string>AllA string key and string value map of predefined configuration names and values accessible from the Reactor code
runtimefalseRuntime ObjectAllRuntime configuration for the reactor.
application.idfalseuuidnode-btThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns a Reactor if the Reactor was updated. Returns an error if there were validation errors, or the Reactor failed to update.

{
  "id": "5b493235-6917-4307-906a-2cd6f1a90b13",
  "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
  "name": "My Reactor",
  "code": "
    module.exports = async function (req) {
      // Do something with req.configuration.SERVICE_API_KEY

      return {
        raw: {
          foo: 'bar'
        }
      };
    };
  ",
  "configuration": {
    "SERVICE_API_KEY": "key_abcd1234"
  },
  "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
  "created_at": "2020-09-15T15:53:00+00:00",
  "modified_by": "34053374-d721-43d8-921c-5ee1d337ef21",
  "modified_at": "2021-03-01T08:23:14+00:00"
}

node22 Vulnerability Failure Details

If a node22 deployment fails due to HIGH or CRITICAL dependency vulnerabilities, the Reactor includes vulnerability details in requested.

For create operations this is typically returned with state: "failed". For update operations this is typically returned with state: "outdated".

{
  "id": "5b493235-6917-4307-906a-2cd6f1a90b13",
  "state": "outdated",
  "requested": {
    "reactor": {
      "code": "module.exports = async function (event) { ... }",
      "runtime": {
        "image": "node22",
        "dependencies": {
          "axios": "1.6.0"
        }
      }
    },
    "error_code": "vulnerabilities_detected",
    "error_message": "Please update the dependencies listed to resolve security vulnerabilities.",
    "error_details": {
      "vulnerabilities": [
        {
          "name": "follow-redirects",
          "version": "1.14.7",
          "severity": "HIGH",
          "id": "CVE-2022-0536",
          "dependency_path": ["axios", "follow-redirects"]
        }
      ]
    }
  }
}

For end-to-end scanning behavior and notifications, see Runtime Vulnerability Scanning.

Patch Reactor

Patch a Reactor by ID in the Tenant.

PATCH
https://api.basistheory.com/reactors/{id}
Copy

node22 updates are asynchronous. Check valid states where node22 can be updated.

Permissions

reactor:update
The Patch Reactors endpoint uses a different content-type to support merge-patch operations. Requests need the Content-Type header to be set to application/merge-patch+json. Requests made with a different Content-Type header value will receive a 415 Unsupported Media Type response code. For more information on merge-patch, see RFC 7386.

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
  -H "Content-Type: application/merge-patch+json" \
  -X "PATCH" \
  -d '{
    "name": "My Reactor",
    "configuration": {
      "SERVICE_API_KEY": "key_abcd1234"
    }
  }'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Request Parameters

AttributeRequiredTypeRuntimeDescription
namefalsestringAllThe name of the reactor. Has a maximum length of 200
codefalsestringAllReactor code which will be executed when the Reactor is processed
configurationfalsemap<string, string>AllA string key and string value map of predefined configuration names and values accessible from the Reactor code
runtimefalseRuntime ObjectAllRuntime configuration for the reactor.
application.idfalseuuidnode-btThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns 204 if successful. Returns an error if there were validation errors, or the operation failed.

Delete Reactor

Delete a Reactor by ID in the Tenant.

DELETE
https://api.basistheory.com/reactors/{id}
Copy

Check valid states where node22 can be deleted.

Permissions

reactor:delete

Request

curl "https://api.basistheory.com/reactors/fb124bba-f90d-45f0-9a59-5edca27b3b4a" \
  -H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
  -X "DELETE"

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Response

Returns an error if the Reactor failed to delete.

Response

Returns a response object the same as the synchronous response.

Reactor Response Object

AttributeTypeDescription
tokensobject(Optional) Token(s) created from the tokenize block of the Reactor code response
rawobject(Optional) Raw output returned from the Reactor

Reactor Object

AttributeTypeRuntimeDescription
iduuidAllUnique identifier of the Reactor which can be used to get a Reactor
tenant_iduuidAllThe Tenant ID which owns the reactor
namestringAllThe name of the reactor
statestringnode22Current state of the reactor. See Reactor States
codestringAllReactor code which will be executed when the Reactor is processed.
configurationmap<string, string>AllA string key and string value map of predefined configuration names and values accessible from the Reactor code.
runtimeRuntime ObjectAllRuntime configuration.
requestedRequested Objectnode22Contains pending configuration at requested.reactor and provisioning error details during asynchronous provisioning. Present when state is creating or updating, and can also be present in failed or outdated when the latest deployment did not succeed.
applicationApplicationnode-btThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.
created_byuuidAll(Optional) The ID of the user or Application that created the Reactor
created_atstringAll(Optional) Created date of the Reactor in ISO 8601 format
modified_byuuidAll(Optional) The ID of the user or Application that last modified the Reactor
modified_atdateAll(Optional) Last modified date of the Reactor in ISO 8601 format

Requested Object

The requested object contains pending Reactor configuration during asynchronous provisioning, and failure details when that pending deployment does not complete successfully.

AttributeTypeDescription
reactorobjectPending Reactor configuration for the most recent asynchronous provisioning request. See Pending Reactor Object.
error_codestringPublic error code for provisioning failures (for example, vulnerabilities_detected).
error_messagestringPublic error message for provisioning failures.
error_detailsobjectAdditional structured details for the failure. Present for error codes that expose details (for example vulnerability findings).

Pending Reactor Object

AttributeTypeDescription
codestringThe pending Reactor code.
runtimeRuntime ObjectThe pending runtime configuration.
configurationmap<string, string>The pending configuration key-values.

Vulnerability Error Details

When requested.error_code is vulnerabilities_detected, requested.error_details includes a vulnerabilities array:

AttributeTypeDescription
error_details.vulnerabilitiesarrayList of detected vulnerabilities.
vulnerabilities[].namestringVulnerable package name.
vulnerabilities[].versionstringVulnerable package version.
vulnerabilities[].severitystringVulnerability severity (LOW, MEDIUM, HIGH, CRITICAL).
vulnerabilities[].idstringVulnerability identifier (for example CVE).
vulnerabilities[].dependency_patharrayDependency chain from direct dependency to the vulnerable package.

Runtime Object

The runtime object configures the execution environment.

AttributeRequiredTypeDefaultRuntimeDescription
imagetruestring-AllThe runtime image identifier. See available runtimes.
dependenciesfalsemap<string, string>{}node22npm packages to install. Key is package name, value is an exact pinned version (e.g., "stripe": "18.4.0").
resolutionsfalsemap<string, string>{}node22Dependency version overrides applied at build time. Use to override versions of dependencies installed indirectly through other packages.
timeoutfalsenumber10node22Maximum execution time in seconds (1-30).
resourcesfalsestringstandardnode22Compute resources allocation. One of standard, large, xlarge.
warm_concurrencyfalsenumber0node22Number of warm instances to maintain.
permissionsfalsearray<string>[]node22Basis Theory permissions to grant (e.g., token:reveal, token:create).

See Runtime Options for detailed descriptions of each property.

Code Contract

For details on writing reactor code, including request/response objects and examples, see Code Contract.

Runtime Options

For details on configuring the runtime object, including dependencies, resolutions, timeout, resources, warm concurrency, and permissions, see node22 Runtime Options.

Last updated on