Authentication

Get your API key

Create an account

Create an API key

Open the Dashboard, click on your user icon and select Account Settings, then, navigate to API Keys to create a new key.

Copy your key

Your key will start with rk_. Store it securely and never commit it to source control.

JavaScript
Python

JavaScript

Do not expose your API key in client-side JavaScript code. This is a dangerous pattern that puts your credentials at risk. Instead, your backend should exchange it for a JWT token that is valid for 6 hours, which is passed to the browser to open a session.

Do not expose your API key in frontend code. Always generate tokens from your backend.

Generate a token from your backend:

import { NextResponse } from "next/server";

export async function GET() {
  const { jwt } = await fetch("https://api.reactor.inc/tokens", {
    headers: { "X-API-Key": process.env.REACTOR_API_KEY! },
  }).then((r) => r.json());

  return NextResponse.json({ jwt });
}

Then fetch it in your app and pass it to the SDK:

"use client";

import { use } from "react";
import { ReactorProvider, ReactorView } from "@reactor-team/js-sdk";

const tokenPromise = fetch("/api/token")
  .then((r) => r.json())
  .then(({ jwt }) => jwt);

export default function App() {
  const token = use(tokenPromise);
  return (
    <ReactorProvider modelName="your-model-name" jwtToken={token}>
      <ReactorView className="w-full aspect-video" />
    </ReactorProvider>
  );
}

For local development, skip the backend step with fetchInsecureToken:

import { fetchInsecureToken } from "@reactor-team/js-sdk";

const token = await fetchInsecureToken("rk_your_api_key_here");

fetchInsecureToken exposes your API key in the browser — use it for local development only. For production, generate tokens from your backend using the pattern above, or use create-reactor-app which sets this up for you.

How it works

JavaScript browser apps cannot expose the API key. Your server exchanges it for a short-lived token, which the browser uses to connect. Tokens are valid for 6 hours. If a token leaks, it expires on its own and the blast radius is limited to that token’s validity window.

Server exchanges API key for a token, passes token to browser, browser connects to Reactor

If your API key is compromised, rotate it immediately from the Dashboard. Rotating does not affect active sessions. Need help? Join us on Discord.

Python

Pass your API key directly to the Reactor constructor:

import os
from reactor_sdk import Reactor

reactor = Reactor(
    model_name="your-model-name",
    api_key=os.environ["REACTOR_API_KEY"],
)

await reactor.connect()

Never hardcode rk_... values in your code or commit them to source control. Use environment variables.

How it works

Python runs server-side, so your API key goes directly to Reactor on connect().

Your app sends the API key directly to Reactor

Need help? Join us on Discord.

Get Started

Concepts

Models

SDK Guides

API Reference

Get your API key

JavaScript

How it works

Python

How it works

Get Started

Concepts

Models

SDK Guides

API Reference

​Get your API key

​JavaScript

​How it works

​Python

​How it works

Get your API key

JavaScript

How it works

Python

How it works