Skip to main content

Getting your API key

Your API key is available in the Reactor Dashboard. Each partner organization has a unique key that grants access to model management, container registries, and weight storage.

Log in

reactor auth login
You’ll be prompted to enter your API key. On success, the CLI:
  1. Validates your key against the Reactor API
  2. Retrieves your container registry credentials
  3. Stores everything locally at ~/.reactor/credentials

Check status

reactor auth status
Displays your current authentication state, including the partner organization, registry URL, and credential expiry.

Docker login

reactor auth docker-login
Configures Docker to push images to your private container registry. Run this before any docker push command. Registry tokens expire after 12 hours, so re-run if your push fails with an authentication error.

Managing API keys

Creating additional keys

Generate new API keys from the Reactor Dashboard. You can create separate keys for different environments (e.g., one for local development, one for CI/CD). All keys within an organization have the same access scope. They differ only in identity for audit logging.

Rotating keys

To rotate a key:
  1. Create a new key in the Dashboard
  2. Run reactor auth login with the new key
  3. Update any CI/CD systems with the new key
  4. Revoke the old key in the Dashboard
Active uploads and deployments are not interrupted when a key is revoked. Only new API calls using the old key will fail.

Revoking a compromised key

If a key is exposed (committed to git, leaked in logs, etc.):
  1. Revoke it immediately in the Reactor Dashboard
  2. Generate a new key
  3. Run reactor auth login with the new key
  4. Audit recent activity in the Dashboard to check for unauthorized usage
Revocation takes effect within 60 seconds. Registry tokens issued by the old key will continue to work until they expire (up to 12 hours), but no new tokens can be generated.
Never commit API keys to version control. The CLI stores credentials at ~/.reactor/credentials and will warn you if this file is inside a git repository.

Credentials file

Credentials are stored at ~/.reactor/credentials in JSON format: 
{
  "api_key": "rp_...",
  "partner_id": "your-org",
  "registry": "registry.reactor.inc/your-org",
  "registry_token": "...",
  "registry_token_expiry": "2025-01-01T12:00:00Z"
}
The CLI automatically refreshes registry tokens when they expire during normal usage. You do not need to manually re-authenticate unless your API key is rotated.

Troubleshooting

ErrorFix
Invalid API keyVerify your key in the Dashboard. Keys start with rp_.
Docker push unauthorizedRun reactor auth docker-login to refresh registry tokens.
Credentials file not foundRun reactor auth login again.
API key expiredGenerate a new key in the Dashboard and re-authenticate.
Key revokedYour key was revoked by an org admin. Generate a new one.