Skip to main content

Reactors

Create Reactor

Create a new Reactor for the Tenant.

POST
https://api.basistheory.com/reactors
Copy

Permissions

reactor:create

Request

javascript='module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: "bar"
}
};
};'

curl "https://api.basistheory.com/reactors" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
-H "Content-Type: application/json" \
-X "POST" \
-d '{
"name": "My Reactor",
"code": '"$(echo $javascript | jq -Rsa .)"',
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"application": {
"id": "45c124e7-6ab2-4899-b4d9-1388b0ba9d04"
}
}'

Request Parameters

AttributeRequiredTypeDefaultDescription
nametruestringnullThe name of the reactor. Has a maximum length of 200
codetruestringnullReactor code which will be executed when the Reactor is processed
configurationtruemap<string, string>nullA string key and string value map of predefined configuration names and values accessible from the Reactor code
application.idfalseuuidnullThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns a Reactor if the Reactor was created. Returns an error if there were validation errors, or the Reactor failed to create.

{
"id": "5b493235-6917-4307-906a-2cd6f1a90b13",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"name": "My Reactor",
"code": "
module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: 'bar',
}
};
};
",
"application": {...},
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"created_by": "3ce0dceb-fd0b-4471-8006-c51243c9ef7a",
"created_at": "2020-09-15T15:53:00+00:00"
}

List Reactors

Get a list of reactors for the Tenant.

GET
https://api.basistheory.com/reactors
Copy

Permissions

reactor:read

Request

curl "https://api.basistheory.com/reactors" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>"

Query Parameters

ParameterRequiredTypeDefaultDescription
idfalsearray[]An optional list of Reactor ID's to filter the list of reactors by
namefalsestringnullWildcard search of reactors by name

Response

Returns a paginated object with the data property containing an array of reactors. Providing any query parameters will filter the results. Returns an error if reactors could not be retrieved.

{
"pagination": {...}
"data": [
{
"id": "5b493235-6917-4307-906a-2cd6f1a90b13",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"name": "My Reactor",
"code": "
module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: 'bar',
}
};
};
",
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2020-09-15T15:53:00+00:00",
"modified_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"modified_at": "2021-03-01T08:23:14+00:00"
},
{...},
{...}
]
}

Get a Reactor

Get a Reactor by ID in the Tenant.

GET
https://api.basistheory.com/reactors/{id}
Copy

Permissions

reactor:read

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>"

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Response

Returns a Reactor with the id provided. Returns an error if the Reactor could not be retrieved.

{
"id": "5b493235-6917-4307-906a-2cd6f1a90b13",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"name": "My Reactor",
"code": "
module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: 'bar',
}
};
};
",
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2020-09-15T15:53:00+00:00",
"modified_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"modified_at": "2021-03-01T08:23:14+00:00"
}

Update Reactor

Update a Reactor by ID in the Tenant.

PUT
https://api.basistheory.com/reactors/{id}
Copy

Permissions

reactor:update

Request

javascript='module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: "bar"
}
};
};'

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
-H "Content-Type: application/json" \
-X "PUT" \
-d '{
"name": "My Reactor",
"code": '"$(echo $javascript | jq -Rsa .)"',
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"application": {
"id": "45c124e7-6ab2-4899-b4d9-1388b0ba9d04"
}
}'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Request Parameters

AttributeRequiredTypeDefaultDescription
nametruestringnullThe name of the reactor. Has a maximum length of 200
codetruestringnullReactor code which will be executed when the Reactor is processed
configurationtruemap<string, string>nullA string key and string value map of predefined configuration names and values accessible from the Reactor code
application.idfalseuuidnullThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns a Reactor if the Reactor was updated. Returns an error if there were validation errors, or the Reactor failed to update.

{
"id": "5b493235-6917-4307-906a-2cd6f1a90b13",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"name": "My Reactor",
"code": "
module.exports = async function (req) {
// Do something with req.configuration.SERVICE_API_KEY

return {
raw: {
foo: 'bar'
}
};
};
",
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
},
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2020-09-15T15:53:00+00:00",
"modified_by": "34053374-d721-43d8-921c-5ee1d337ef21",
"modified_at": "2021-03-01T08:23:14+00:00"
}

Patch Reactor

Patch a Reactor by ID in the Tenant.

PATCH
https://api.basistheory.com/reactors/{id}
Copy

Permissions

reactor:update
The Patch Reactors endpoint uses a different content-type to support merge-patch operations. Requests need the Content-Type header to be set to application/merge-patch+json. Requests made with a different Content-Type header value will receive a 415 Unsupported Media Type response code. For more information on merge-patch, see RFC 7386.

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
-H "Content-Type: application/merge-patch+json" \
-X "PATCH" \
-d '{
"name": "My Reactor",
"configuration": {
"SERVICE_API_KEY": "key_abcd1234"
}
}'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Request Parameters

AttributeRequiredTypeDefaultDescription
namefalsestringnullThe name of the reactor. Has a maximum length of 200
codefalsestringnullReactor code which will be executed when the Reactor is processed
configurationfalsemap<string, string>nullA string key and string value map of predefined configuration names and values accessible from the Reactor code
application.idfalseuuidnullThis Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.

Response

Returns 204 if successful. Returns an error if there were validation errors, or the operation failed.

Delete Reactor

Delete a Reactor by ID in the Tenant.

DELETE
https://api.basistheory.com/reactors/{id}
Copy

Permissions

reactor:delete

Request

curl "https://api.basistheory.com/reactors/fb124bba-f90d-45f0-9a59-5edca27b3b4a" \
-H "BT-API-KEY: <MANAGEMENT_API_KEY>" \
-X "DELETE"

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the reactor

Response

Returns an error if the Reactor failed to delete.

Invoke a Reactor

Invoke a reactor by ID.

POST
https://api.basistheory.com/reactors/{id}/react
Copy

Permissions

token:use

The token:use permission is required to use a Reactor, and it is required for each Container of Tokens you wish to detokenize in a Reactor.

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13/react" \
-H "BT-API-KEY: <PRIVATE_API_KEY>" \
-H "Content-Type: application/json" \
-X "POST" \
-d '{
"args": {
"card": "{{fe7c0a36-eb45-4f68-b0a0-791de28b29e4}}",
"customer_id": "myCustomerId1234"
}
}'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the Reactor

Request Parameters

ParameterRequiredTypeDefaultDescription
argsfalseobjectnullArguments to provide to the reactor.
callback_urlfalsestringnullIndicates that the reactor should be invoked asynchronously and the result delivered as a webhook to this URL. See Asynchronous Reactors for more info.
Enterprise
DEPRECATED

Reactor Request Parameters

The reactor will be executed with a req object that contains the following properties

ParameterDescription
argsDetokenized arguments to provided to the reactor.
configurationA string key and string value map of all configuration name and values defined when creating the Reactor
btA pre-configured Basis Theory JS instance for the application defined with the Reactor. This will be null if no application was defined.

Response

Returns a Reactor Response if the Reactor completed successfully. Returns an error if the Reactor failed. Errors generated from Reactors will be translated to the common Basis Theory Error format. See Reactor Errors for more details.

Reactor Response Object

AttributeTypeDescription
tokensobject(Optional) Token(s) created from the tokenize block of the Reactor code response
rawobject(Optional) Raw output returned from the Reactor

Limitations

Head over to Rate Limits to learn more about Reactors limitations.

Detokenization

In order to use tokenized data within a reactor, the args parameter may contain one or more detokenization expressions. When any detokenization expressions are detected, Basis Theory will attempt to detokenize and inject the raw token data into the args forwarded to the Reactor function.

Reactor request args may contain a mixture of detokenization expressions and raw plaintext data.

Tokens containing complex data may be detokenized into a Reactor request, including Bank and Card token types. When tokens with complex data are detokenized, the entire JSON data payload will be included within the args. For an example, see Use Complex Tokens.

Validation is performed on the resulting request after detokenization, so several required request parameters may be supplied by detokenizing a single complex token that contains several of the request parameters.

At most, 100 tokens may be detokenized within a single Reactor request.

For more detailed examples about how to detokenize within Reactors, check out our Detokenization Examples.

Invoke a Reactor Asynchronously
Enterprise

Invoke a reactor by ID asynchronously. See Asynchronous Reactors for more info.

POST
https://api.basistheory.com/reactors/{id}/react-async
Copy

Permissions

token:use

The token:use permission is required to use a Reactor, and it is required for each Container of Tokens you wish to detokenize in a Reactor.

Request

curl "https://api.basistheory.com/reactors/5b493235-6917-4307-906a-2cd6f1a90b13/react-async" \
-H "BT-API-KEY: <PRIVATE_API_KEY>" \
-H "Content-Type: application/json" \
-X "POST" \
-d '{
"args": {
"card": "{{fe7c0a36-eb45-4f68-b0a0-791de28b29e4}}",
"customer_id": "myCustomerId1234"
}
}'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the Reactor

Request Parameters

ParameterRequiredTypeDefaultDescription
argsfalseobjectnullArguments to provide to the reactor.

Response

{
"asyncReactorRequestId": "3254626a-e1cf-4616-968f-e08a7ade4fce"
}

Returns a request ID that can be used later to retrieve the results of the asynchronous invocation.

Retrieve Result
Enterprise

Will retrieve the results of an asynchronous invocation.

GET
https://api.basistheory.com/reactors/{id}/results/{request_id}
Copy

Permissions

token:use

The token:use permission is required to read the result of reactors.

Request

curl --location 'https://api.basistheory.com/reactors/7001A144-96D0-4401-9D96-13557824A9E0/results/369a879e-338d-4f52-83cf-53a6af3f3f18' \
--header 'BT-API-KEY: <PRIVATE_API_KEY>'

URI Parameters

ParameterRequiredTypeDefaultDescription
idtrueuuidnullThe ID of the Reactor
request_idtrueuuidnullThe ID of the Reactor request id. Retrieved from either the response of react-async or from the webhook events (reactor.invoked, reactor.completed, reactor.failed).

Request Parameters

ParameterRequiredTypeDefaultDescription
argsfalseobjectnullArguments to provide to the reactor.

Response

Returns a response object the same as the synchronous response.

Reactor Response Object

AttributeTypeDescription
tokensobject(Optional) Token(s) created from the tokenize block of the Reactor code response
rawobject(Optional) Raw output returned from the Reactor

Reactor Object

AttributeTypeDescription
iduuidUnique identifier of the Reactor which can be used to get a Reactor
tenant_iduuidThe Tenant ID which owns the reactor
namestringThe name of the reactor
codestringReactor code which will be executed when the Reactor is processed
configurationmap<string, string>A string key and string value map of predefined configuration names and values accessible from the Reactor code
applicationApplication(Optional) This Application's API key is injected into a pre-configured BasisTheory JS SDK instance passed into the Reactor's runtime. Must be a public or private Application Type.
created_byuuid(Optional) The ID of the user or Application that created the Reactor
created_atstring(Optional) Created date of the Reactor in ISO 8601 format
modified_byuuid(Optional) The ID of the user or Application that last modified the Reactor
modified_atdate(Optional) Last modified date of the Reactor in ISO 8601 format

Reactor Code

All Reactor code snippets must export a function which takes in a request object and returns a response object. The snippet should be written in Javascript (targeting Node.js v16) and generally follows the following structure:

module.exports = async function (req) {
const { my_arg } = req.args; // access any args provided with the request
const { MY_CONFIG } = req.configuration; // access any static config defined on the Reactor

// do anything here!

return {
raw: {}, // non-sensitive data that should be returned in plaintext
tokenize: {}, // sensitive data that should be tokenized
};
};

Reactor Code Request Object

AttributeTypeDescription
argsobjectThe arguments that were provided when the reactor was invoked
configurationmap<string, string>A string key and string value map of all configuration name and values defined when creating the Reactor

Reactor Code Response Object

AttributeTypeDescription
rawobject(Optional) Raw output returned from the Reactor
tokenizeobject(Optional) A payload that will be tokenized to produce one or more tokens

The payload returned in the tokenize property will be tokenized in the same way that requests are tokenized via the Tokenize endpoint. For more information, see Tokenize.