
    January 2026 Changelog

    This month delivers a major leap forward for Reactors and Proxy Transforms, new flexibility for Apple Pay and Google Pay merchants, and a quality-of-life improvement for Elements. Whether you're running custom code against sensitive data, managing payment certificates, or building clipboard interactions into your checkout, these updates are worth a look.

    Runtimes for Reactors and Transforms (Preview) 

    Reactors and Proxy Transforms now support a new node-22 runtime, replacing the legacy Node.js 16 environment with a modern, fully isolated execution model. This is available today as a preview.

    The node-22 runtime supports any npm package, not just a curated whitelist. You also get configurable timeout, memory, and warm concurrency settings, giving you full control over how your code runs.

    Why this matters:

    1. No more dependency restrictions. Install any npm package your code needs instead of being limited to a pre-approved list.
    2. Performance you can tune. Configure timeout, memory allocation, and concurrency to match your workload instead of working within fixed limits.
    3. Updated runtime options. Choose the new node-22 runtime (Node.js 22 LTS) for modern language features, native fetch, and improved performance.

    Existing Reactors using the node-bt runtime continue to work unchanged. New projects should start with node-22 for maximum flexibility.

    Check out https://developers.basistheory.com/docs/concepts/runtimes/ for setup details and migration guidance.

    Managed Merchant Keys for Apple Pay and Google Pay 

    You can now register your own merchant identifiers and manage encryption certificates directly through the Basis Theory API for both Apple Pay and Google Pay integrations.

    Each merchant supports up to two active certificates at any given time, enabling seamless rotation without downtime. Upload new certificates before the old ones expire, verify everything works, then deprecate the previous set. Certificates are provided in P12 format, base64-encoded, with password protection.

    Why this matters:

    1. Full certificate ownership. Maintain direct control over your merchant credentials and encryption keys rather than relying on shared infrastructure.
    2. Zero-downtime rotation. The two-certificate limit is designed specifically for rolling updates, so your payment processing never skips a beat.
    3. Simplified multi-provider setups. Register merchant identifiers that map to your existing Apple Pay and Google Pay configurations without restructuring your payment stack.

    See the API reference for Apple Pay merchants (https://developers.basistheory.com/docs/api/apple-pay/api#apple-pay-merchant) and Google Pay merchants (https://developers.basistheory.com/docs/api/google-pay/api#google-pay-merchant) to get started.

    See the full implementation guides for Apple Pay and Google Pay to get started.

    Bug Fixes 

    Copy Event for Elements

    Elements with copy support now emit a copy event when a value is copied to the clipboard, enabling confirmation UI and analytics. Enable with enableCopy and listen via .on('copy', handler) or the onCopy React prop. See the copy event docs for details.

    iOS Card Editing Validation

    Fixed an issue where calling setValue on iOS Elements returned incorrect validation state in the onChange callback — fields weren't marked as valid even when a valid token was provided.

    Network Token Number Masking

    The POST /network-tokens response now correctly reveals the full token number when the application has network-token:reveal permission, eliminating the need for a separate GET call.

    Elements Initialization Race Condition

    Fixed a race condition where calling encrypt() immediately after SDK initialization would hang indefinitely. The basistheory() promise now resolves only after encryption functionality is fully ready.

    Token Intent Permissions for Sessions

    Sessions can now be authorized with token-intent permissions (create, read, delete), enabling Token Intent operations via session keys.
