Documentation Index
Fetch the complete documentation index at: https://docs.reactor.inc/llms.txt
Use this file to discover all available pages before exploring further.
Reactor uses API keys to authenticate requests. JavaScript apps exchange the key for a short-lived
token; Python apps pass the key directly.
Get your API key
Create an API key
Open the Dashboard, click your user icon, then navigate to API Keys to create a new key. Copy your key
Your key starts with rk_. Store it securely and never commit it to source control.
JavaScript
How it works
Your server exchanges the API key for a short-lived token, which the browser uses to connect. Tokens
are valid for up to 6 hours by default, or shorter if you set expires_after. If a token leaks, it
expires on its own and the blast radius is limited to that token’s validity window.Generate a token
Exchange your API key for a short-lived token by making a POST request to the /tokens endpoint with your API key in the Reactor-API-Key header:const result = await fetch("https://api.reactor.inc/tokens", {
method: "POST",
headers: { "Reactor-API-Key": process.env.REACTOR_API_KEY },
});
const { jwt, expires_at } = await result.json();
const result = await fetch("https://api.reactor.inc/tokens", {
method: "POST",
headers: {
"Reactor-API-Key": process.env.REACTOR_API_KEY,
"Content-Type": "application/json",
},
body: JSON.stringify({ expires_after: Number(process.env.TOKEN_LIFETIME_SECONDS) }),
});
const { jwt, expires_at } = await result.json();
expires_after to get the full 6 hours; pass it (in seconds) to shorten the lifetime. Values at or above the ceiling are silently clamped.The server still returns 200, so always check expires_at (a Unix epoch timestamp) on the response to confirm the actual expiry.Don’t store your API key in client-side code. Use your server as a proxy to generate short-lived
tokens, as shown below.
Server-side proxy
Set up an API route on your server that calls the /tokens endpoint and returns the token to your frontend:import { NextResponse } from "next/server";
export async function POST() {
const result = await fetch("https://api.reactor.inc/tokens", {
method: "POST",
headers: { "Reactor-API-Key": process.env.REACTOR_API_KEY! },
});
const { jwt } = await result.json();
return NextResponse.json({ jwt });
}
"use client";
import { use } from "react";
import { ReactorProvider, ReactorView } from "@reactor-team/js-sdk";
async function getToken() {
const result = await fetch("/api/token", { method: "POST" });
const { jwt } = await result.json();
return jwt;
}
const tokenPromise = getToken();
export default function App() {
const token = use(tokenPromise);
return (
<ReactorProvider modelName="your-model-name" jwtToken={token}>
<ReactorView className="w-full aspect-video" />
</ReactorProvider>
);
}
If your API key is compromised, rotate it immediately from the
Dashboard. Rotating does not affect active sessions. Need
help? Join us on Discord. Python
How it works
Python runs server-side, so your API key goes directly to Reactor on connect().Pass your API key directly to the Reactor constructor:import os
from reactor_sdk import Reactor
reactor = Reactor(
model_name="your-model-name",
api_key=os.environ["REACTOR_API_KEY"],
)
await reactor.connect()
Never hardcode rk_... values in your code or commit them to source control. Use environment
variables.
