fusionauth logo
search-interface-symbol
Quickstarts
API Docs
SDK
search-interface-symbol
talk to an expert
Log In
talk to an expert
Navigate to...
  • Welcome
  • Getting Started
    • Getting Started
    • 5-minute Setup Guide
      • Overview
      • Docker
      • Fast Path
      • Sandbox
    • Setup Wizard & First Login
    • Register a User and Login
    • Self-service Registration
    • Start and Stop FusionAuth
    • Core Concepts
      • Overview
      • Users
      • Roles
      • Groups
      • Registrations
      • Applications
      • Tenants
      • Identity Providers
      • Authentication/Authorization
      • Integration Points
    • Example Apps
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • PHP
      • Python
      • Ruby
    • Tutorials
      • Overview
      • Java Spring
      • Python Django
      • Ruby on Rails
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Marketplaces
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Microsoft Azure AD B2C
    • Tutorial
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Editions and Features
    • Key Rotation
    • Licensing
    • Monitoring
    • Prometheus Setup
    • Proxy Setup
    • Reference
      • Overview
      • Configuration
      • CORS
      • Data Types
      • Hosted Login Pages Cookies
      • Known Limitations
      • Password Hashes
    • Releases
    • Roadmap
    • Search And FusionAuth
    • Securing
    • Switch Search Engines
    • Technical Support
    • Troubleshooting
    • Upgrading
    • WebAuthn
  • Login Methods
    • Identity Providers
      • Overview
      • Apple
      • Epic Games
      • External JWT
        • Overview
        • Example
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
        • Overview
        • Amazon Cognito
        • Azure AD
        • Discord
        • Github
        • Okta
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • SAML v2
        • Overview
        • ADFS
        • Azure AD
        • Okta
      • SAML v2 IdP Initiated
        • Overview
        • Okta
      • Xbox
    • OIDC & OAuth 2.0
      • Overview
      • Endpoints
      • Tokens
      • OAuth Modes
      • URL Validation
    • Passwordless
      • Overview
      • Magic Links
      • WebAuthn & Passkeys
    • SAML v2 IdP
      • Overview
      • Google
      • PagerDuty
      • Tableau Cloud
      • Zendesk
  • Developer Guide
    • Overview
    • API Gateways
      • Overview
      • Amazon API Gateway
      • Kong Gateway
      • ngrok Cloud Edge
    • Client Libraries & SDKs
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • Node
      • OpenAPI
      • PHP
      • Python
      • React
      • Ruby
      • Typescript
    • Events & Webhooks
      • Overview
      • Writing a Webhook
      • Securing Webhooks
      • Events
        • Overview
        • Audit Log Create
        • Event Log Create
        • JWT Public Key Update
        • JWT Refresh
        • JWT Refresh Token Revoke
        • Kickstart Success
        • Group Create
        • Group Create Complete
        • Group Delete
        • Group Delete Complete
        • Group Update
        • Group Update Complete
        • Group Member Add
        • Group Member Add Complete
        • Group Member Remove
        • Group Member Remove Complete
        • Group Member Update
        • Group Member Update Complete
        • User Action
        • User Bulk Create
        • User Create
        • User Create Complete
        • User Deactivate
        • User Delete
        • User Delete Complete
        • User Email Update
        • User Email Verified
        • User IdP Link
        • User IdP Unlink
        • User Login Failed
        • User Login Id Dup. Create
        • User Login Id Dup. Update
        • User Login New Device
        • User Login Success
        • User Login Suspicious
        • User Password Breach
        • User Password Reset Send
        • User Password Reset Start
        • User Password Reset Success
        • User Password Update
        • User Reactivate
        • User Reg. Create
        • User Reg. Create Complete
        • User Reg. Delete
        • User Reg. Delete Complete
        • User Registration Update
        • User Reg. Update Complete
        • User Reg. Verified
        • User 2FA Method Add
        • User 2FA Method Remove
        • User Update
        • User Update Complete
    • Guides
      • Overview
      • Application Specific Email Templates
      • Authentication Tokens
      • Exposing A Local Instance
      • JSON Web Tokens
      • Key Master
      • Localization and Internationalization
      • Multi-Factor Authentication
      • Multi-Tenant
      • Passwordless
      • Registration-based Email Verification
      • Searching With Elasticsearch
      • Securing Your APIs
      • Silent Mode
      • Single Sign-on
      • Two Factor (pre 1.26)
    • Integrations
      • Overview
      • CleanSpeak
      • Kafka
      • Twilio
    • Plugins
      • Overview
      • Writing a Plugin
      • Custom Password Hashing
    • User Control & Gating
      • Overview
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
  • Customization
    • Email & Templates
      • Overview
      • Configure Email
      • Email Templates
      • Email Variables
      • Message Templates
    • Lambdas
      • Overview
      • Apple Reconcile
      • Client Cred. JWT Populate
      • Epic Games Reconcile
      • External JWT Reconcile
      • Facebook Reconcile
      • Google Reconcile
      • HYPR Reconcile
      • JWT Populate
      • LDAP Connector Reconcile
      • LinkedIn Reconcile
      • Nintendo Reconcile
      • OpenID Connect Reconcile
      • SAML v2 Populate
      • SAML v2 Reconcile
      • SCIM Group Req. Converter
      • SCIM Group Resp. Convtr.
      • SCIM User Req. Converter
      • SCIM User Resp. Converter
      • Self-Service Registration
      • Sony PSN Reconcile
      • Steam Reconcile
      • Twitch Reconcile
      • Twitter Reconcile
      • Xbox Reconcile
    • Messengers
      • Overview
      • Generic Messenger
      • Twilio Messenger
    • Themes
      • Overview
      • Examples
      • Helpers
      • Localization
      • Template Variables
      • Kickstart Custom Theme
  • Premium Features
    • Overview
    • Advanced Registration Forms
    • Advanced Threat Detection
    • Application Specific Themes
    • Breached Password Detection
    • Connectors
      • Overview
      • Generic Connector
      • LDAP Connector
      • FusionAuth Connector
    • Entity Management
    • SCIM
      • Overview
      • Azure AD Client
      • Okta Client
      • SCIM-SDK
    • Self Service Account Mgmt
      • Overview
      • Updating User Data & Password
      • Add Two-Factor Authenticator
      • Add Two-Factor Email
      • Add Two-Factor SMS
      • Add WebAuthn Passkey
      • Customizing
      • Troubleshooting
    • WebAuthn
  • APIs
    • Overview
    • Authentication
    • Errors
    • API Explorer
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM User
      • SCIM Group
      • SCIM EnterpriseUser
      • SCIM Service Provider Config.
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • WebAuthn
    • Webhooks
  • Release Notes

    Reactor APIs

    Overview

    This API has been available since 1.26.0

    This page contains the APIs for Reactor, FusionAuth’s license system. Reactor is used to activate features based upon your licensing tier. Here are the APIs:

    • Activate Reactor license

    • Retrieve Reactor metrics

    • Retrieve Reactor status

    • Regenerate Reactor license

    • Deactivate Reactor license

    Activate Reactor license

    This API is used to activate a Reactor license.

    Request

    Activate a Reactor license

    URI

    POST /api/reactor

    Request Body

    licenseId [String] Required

    The license Id to activate.

    license [String] Optional

    The Base64 encoded license value. This value is necessary in an air gapped configuration where outbound network access is not available.

    Response

    This API does not return a JSON response body.

    Table 1. Response Codes
    Code Description

    200

    The request was successful. The response will be empty.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Retrieve Reactor metrics

    This API is used to retrieve the metrics of Reactor features.

    Request

    Retrieve Reactor metrics

    URI

    GET /api/reactor/metrics

    Response

    Table 2. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    metrics.breachedPasswordMetrics [Map<UUID, List<Object>]

    The breached password metrics. The map key is the Tenant Id.

    metrics.breachedPasswordMetrics[tenantId].actionRequired [Integer]

    The total number of user accounts where action is required.

    metrics.breachedPasswordMetrics[tenantId].matchedCommonPasswordCount [Integer]

    The total number of matched user accounts with a commonly compromised password.

    metrics.breachedPasswordMetrics[tenantId].matchedExactCount [Integer]

    The total number of matched user accounts with a compromised password exact match.

    metrics.breachedPasswordMetrics[tenantId].matchedPasswordCount [Integer]

    The total number of user accounts with matched passwords.

    metrics.breachedPasswordMetrics[tenantId].matchedSubAddressCount [Integer]

    The total number of sub-email user accounts that match a compromised password.

    metrics.breachedPasswordMetrics[tenantId].passwordsCheckedCount [Integer]

    The total number of user account passwords checked.

    Example Response JSON
    
    {
      "metrics": {
        "breachedPasswordMetrics": {
          "30663132-6464-6665-3032-326466613934": {
            "actionRequired": 6,
            "matchedCommonPasswordCount": 2,
            "matchedExactCount": 3,
            "matchedPasswordCount": 3,
            "matchedSubAddressCount": 1,
            "passwordsCheckedCount": 23
          }
        }
      }
    }

    Retrieve Reactor status

    This API is used to retrieve the status of Reactor features.

    Request

    Retrieve Reactor status

    URI

    GET /api/reactor

    Response

    Table 3. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    status.advancedIdentityProviders [String]

    The status for Advanced Identity Providers.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.advancedLambdas [String] Available since 1.35.0

    The status for Advanced lambda features such Lambda HTTP Connect.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.advancedMultiFactorAuthentication [String]

    The status for Advanced Multi-Factor Authentication.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.advancedRegistration [String]

    The status for Advanced Registration Forms.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.applicationMultiFactorAuthentication [String] Available since 1.37.0

    The status for Application scoped Multi-Factor authentication configuration.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.applicationThemes [String]

    The status for Application Themes.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.breachedPasswordDetection [String]

    The status for Breached Password Detection. The possible following values:

    • ACTIVE - the feature is active

    • DISCONNECTED - the feature is currently disconnected

    • PENDING - the feature is pending while waiting to complete key exchange with Reactor

    • UNKNOWN - the status of the feature is unknown

    status.connectors [String]

    The status for Connectors.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.entityManagement [String]

    The status for Entity Management.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.expiration [String] Available since 1.36.0

    If the license is configured to be air-gapped, this value will be returned to indicate the license expiration. An air-gapped license is one that does not require egress network connectivity to the FusionAuth license server. If the license is not configured to be air-gapped, then this field will not be returned in the response.

    The expiration string is formatted as an ISO-8601 string in the form YYYY-MM-DD.

    status.licenseAttributes [Map<String, String>] Available since 1.37.0

    A set of attributes describing the license, this is primarily used for internal use and may help describe the license. The values returned in this object are subject to change.

    status.licensed [Boolean]

    Whether or not the FusionAuth Reactor has been activated with a valid license. This is synonymous with a licensed instance of FusionAuth.

    status.scimServer [String] Available since 1.36.0

    The status for the SCIM Server features.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.threatDetection [String] Available since 1.30.0

    The status for the Threat Detection feature set.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.webAuthn [String] Available since 1.41.0

    The status for WebAuthn features.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.webAuthnPlatformAuthenticators [String] Available since 1.41.0

    The status for WebAuthn platform authenticators.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    status.webAuthnRoamingAuthenticators [String] Available since 1.41.0

    The status for WebAuthn roaming, or cross-platform, authenticators.

    The possible following values:

    • ACTIVE - the feature is active

    • DISABLED - the feature is not available based upon your license

    • DISCONNECTED - the feature is not currently available due to connectivity issues

    • PENDING - the feature is in progress of being activated

    • UNKNOWN - the status of the feature is unknown

    Example Response JSON
    
    {
      "status": {
        "advancedIdentityProviders": "ACTIVE",
        "advancedLambdas": "DISABLED",
        "advancedMultiFactorAuthentication": "ACTIVE",
        "advancedRegistration": "ACTIVE",
        "applicationMultiFactorAuthentication": "ACTIVE",
        "applicationThemes": "ACTIVE",
        "breachedPasswordDetection": "PENDING",
        "connectors": "ACTIVE",
        "entityManagement": "ACTIVE",
        "licenseAttributes": {
          "LicenseType": "Production",
          "LicensedPlan": "Enterprise"
        },
        "licensed": true,
        "scimServer": "ACTIVE",
        "threatDetection": "ACTIVE",
        "webAuthn": "ACTIVE",
        "webAuthnPlatformAuthenticators": "ACTIVE",
        "webAuthnRoamingAuthenticators": "ACTIVE"
      }
    }

    Regenerate Reactor license

    This API is used to make requests from FusionAuth to the License server to regenerate a license. This is particularly useful if it is suspected that the license key has been compromised and a new one is needed.

    Regenerating the license will cause any other instance using the license to revert to community edition features. All configuration will be maintained, but any paid edition functionality will be disabled. The instance of FusionAuth that makes this API request will be updated to use the new license key, but each additional instance requiring a license will need the updated license key.

    Request

    Regenerate a Reactor license

    URI

    PUT /api/reactor

    Response

    This API does not return a JSON response body.

    Table 4. Response Codes
    Code Description

    200

    The request was successful. The response will be empty.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to update doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Deactivate Reactor license

    This API is used to deactivate a Reactor license. If Breached Password Detection was being used it will no longer work, licensed features can no longer be enabled, and existing configurations may no longer work if they use licensed features.

    Request

    Deactivate Reactor license

    URI

    DELETE /api/reactor

    Response

    This API does not return a JSON response body.

    Table 5. Response Codes
    Code Description

    200

    The request was successful. The response will be empty.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to delete doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.

    © 2023 FusionAuth
    How-to
    Blog
    Expert Advice
    Download
    Subscribe for developer updates