Reacting to Existing Data

You may express a structured opinion on data you see on ThreatExchange by *reacting* to that data.

Reacting using the UI

Search for threat descriptors using any method of your choice -- here, for example, using the tag testing-reaction-editing. You can react to threat descriptors owned by other apps (for which the button is called "View") -- not to ones owned by your app (for which the button is called "Edit").

Click "Add Reaction":

Select your reactions, and Save. (Reactions are a growing feature so feel free to contact, or use the bug nub in the TEUI, if you'd like to help expand the reactions concept.)

Dismiss the popup.

In this next screenshot we've switched over to being logged in as the owner app. Here we poke the Edit button to view details.

For the owner app the reactions are read-only, formatted as a table:

Reacting using the API

To express an opinion about descriptor 952030561511282 using the API, append your access token and issue a POST to:,SAW_THIS_TOO

To retrieve the reactions of everyone else, append your access token and issue a GET to:,my_reactions,reactions

The my_reactions field will show your own reactions, and the reactions field will be a map from the possible ReactionType to the apps that reacted with that type. If there are no reactions, the field will be empty.