Browser SDK

Basic client for Reflag.com. If you're using React, you'll be better off with the Reflag React SDK.

Reflag supports flag toggling, tracking flag usage, collecting feedback on flags, and remotely configuring flags.

Install

First find your publishableKey under environment settings in Reflag.

The package can be imported or used directly in a HTML script tag:

A. Import module:

import { ReflagClient } from "@reflag/browser-sdk";

const user = {
  id: 42,
  role: "manager",
};

const company = {
  id: 99,
  plan: "enterprise",
};

const reflagClient = new ReflagClient({ publishableKey, user, company });

await reflagClient.initialize();

const {
  isEnabled,
  config: { payload: question },
  track,
  requestFeedback,
} = reflagClient.getFlag("huddle");

if (isEnabled) {
  // Show flag. When retrieving `isEnabled` the client automatically
  // sends a "check" event for the "huddle" flag which is shown in the
  // Reflag UI.

  // On usage, call `track` to let Reflag know that a user interacted with the flag
  track();

  // The `payload` is a user-supplied JSON in Reflag that is dynamically picked
  // out depending on the user/company.
  const question = payload?.question ?? "Tell us what you think of Huddles";

  // Use `requestFeedback` to create "Send feedback" buttons easily for specific
  // flags. This is not related to `track` and you can call them individually.
  requestFeedback({ title: question });
}

// `track` just calls `reflagClient.track(<flagKey>)` to send an event using the same flag key
// You can also use `track` on the client directly to send any custom event.
reflagClient.track("huddle");

// similarly, `requestFeedback` just calls `reflagClient.requestFeedback({flagKey: <flagKey>})`
// which you can also call directly:
reflagClient.requestFeedback({ flagKey: "huddle" });

B. Script tag (client-side directly in html)

See example/browser.html for a working example:

Init options

Supply these to the constructor call:

Migrating from Bucket SDK

If you have been using the Bucket SDKs, the following list will help you migrate to Reflag SDK:

• Bucket* classes, and types have been renamed to Reflag* (e.g. BucketClient is now ReflagClient)

• Feature* classes, and types have been renamed to Feature* (e.g. Feature is now Flag, RawFeatures is now RawFlags)

• All methods that contained feature in the name have been renamed to use the flag terminology (e.g. getFeature is getFlag)

• The fallbackFeatures property in client constructor and configuration files has been renamed to fallbackFlags

• featureKey has been renamed to flagKey in all methods that accepts that argument

• The new cookies that are stored in the client's browser are now reflag-* prefixed instead og bucket-*

• The featuresUpdated hook has been renamed to flagsUpdated

• The checkIsEnabled and checkConfig hooks have been removed, use check from now on

To ease in transition to Reflag SDK, some of the old methods have been preserved as aliases to the new methods:

• getFeature method is an alias for getFlag

• getFeatures method is an alias for getFlags

• featuresUpdated hook is an alias for flagsUpdated

If you are running with strict Content Security Policies active on your website, you will need change them as follows:

• connect-src https://front.bucket.co to connect-src https://front.reflag.com

Finally, if you have customized the look & feel of the Feedback component, update --bucket-feedback-* CSS classes to --reflag-feedback-*

Flag toggles

Reflag determines which flags are active for a given user/company. The user/company is given in the ReflagClient constructor.

If you supply user or company objects, they must include at least the id property otherwise they will be ignored in their entirety. In addition to the id, you must also supply anything additional that you want to be able to evaluate flag targeting rules against.

Attributes cannot be nested (multiple levels) and must be either strings, integers or booleans. Some attributes are special and used in Reflag UI:

• name -- display name for user/company,

• email -- is accepted for users and will be highlighted in the Reflag UI if available,

• avatar -- can be provided for both user and company and should be an URL to an image.

To retrieve flags along with their targeting information, use getFlag(key: string):

You can use getFlags() to retrieve all enabled flags currently.

getFlags() is meant to be more low-level than getFlag() and it typically used by down-stream clients, like the React SDK.

Note that accessing isEnabled on the object returned by getFlags does not automatically generate a check event, contrary to the isEnabled property on the object returned by getFlag.

Remote config

Remote config is a dynamic and flexible approach to configuring flag behavior outside of your app – without needing to re-deploy it.

Similar to isEnabled, each flag has a config property. This configuration is managed from within Reflag. It is managed similar to the way access to flags is managed, but instead of the binary isEnabled you can have multiple configuration values which are given to different user/companies.

key is mandatory for a config, but if a flag has no config or no config value was matched against the context, the key will be undefined. Make sure to check against this case when trying to use the configuration in your application. payload is an optional JSON value for arbitrary configuration needs.

Just as isEnabled, accessing config on the object returned by getFlags does not automatically generate a check event, contrary to the config property on the object returned by getFlag.

Server-side rendering and bootstrapping

For server-side rendered applications, you can eliminate the initial network request by bootstrapping the client with pre-fetched flag data.

Init options bootstrapped

Using bootstrappedFlags

Use the Node SDK's getFlagsForBootstrap() method to pre-fetch flags server-side, then pass them to the browser client:

This eliminates loading states and improves performance by avoiding the initial flags API call.

Context management

Updating user/company/other context

Attributes given for the user/company/other context in the ReflagClient constructor can be updated for use in flag targeting evaluation with the updateUser(), updateCompany() and updateOtherContext() methods. They return a promise which resolves once the flags have been re-evaluated follow the update of the attributes.

The following shows how to let users self-opt-in for a new flag. The flag must have the rule voiceHuddleOptIn IS true set in the Reflag UI.

setContext()

The setContext() method allows you to replace the entire context (user, company, and other attributes) at once. This method is useful when you need to completely change the context, such as when a user logs in or switches between different accounts.

The method will:

• Replace the entire context with the new values

• Re-evaluate all flags based on the new context

• Update the user and company information on Reflag servers

• Return a promise that resolves once the flags have been re-evaluated

getContext()

The getContext() method returns the current context being used for flag evaluation. This is useful for debugging or when you need to inspect the current user, company, and other attributes.

The returned context object contains:

• user: Current user attributes (if any)

• company: Current company attributes (if any)

• other: Additional context attributes not related to user or company

Toolbar

The Reflag Toolbar is great for toggling flags on/off for yourself to ensure that everything works both when a flag is on and when it's off.

The toolbar will automatically appear on localhost. However, it can also be incredibly useful in production. You have full control over when it appears through the toolbar configuration option passed to the ReflagClient.

You can pass a simple boolean to force the toolbar to appear/disappear:

You can also configure the position of the toolbar on the screen:

See the reference for details.

Qualitative feedback on beta flags

Reflag can collect qualitative feedback from your users in the form of a Customer Satisfaction Score and a comment.

Automated feedback collection

The Reflag Browser SDK comes with automated feedback collection mode enabled by default, which lets the Reflag service ask your users for feedback for relevant flags just after they've used them.

Automated feedback surveys work even if you're not using the SDK to send events to Reflag. It works because the Reflag Browser SDK maintains a live connection to Reflag's servers and can automatically show a feedback prompt whenever the Reflag servers determines that an event should trigger a prompt - regardless of how this event is sent to Reflag.

You can find all the options to make changes to the default behavior in the Reflag feedback documentation.

Reflag feedback UI

Reflag can assist you with collecting your user's feedback by offering a pre-built UI, allowing you to get started with minimal code and effort.

Read the Reflag feedback UI documentation

Reflag feedback SDK

Feedback can be submitted to Reflag using the SDK:

Reflag feedback API

If you are not using the Reflag Browser SDK, you can still submit feedback using the HTTP API.

See details in Feedback HTTP API

Tracking flag usage

The track function lets you send events to Reflag to denote flag usage. By default Reflag expects event names to align with the flag keys, but you can customize it as you wish.

Event listeners

Event listeners allow for capturing various events occurring in the ReflagClient. This is useful to build integrations with other system or for various debugging purposes. There are 5 kinds of events:

• check: Your code used isEnabled or config for a flag

• flagsUpdated: Flags were updated. Either because they were loaded as part of initialization or because the user/company updated

• user: User information updated (similar to the identify call used in tracking terminology)

• company: Company information updated (sometimes to the group call used in tracking terminology)

• track: Track event occurred.

Use the on() method to add an event listener to respond to certain events. See the API reference for details on each hook.

Zero PII

The Reflag Browser SDK doesn't collect any metadata and HTTP IP addresses are not being stored.

For tracking individual users, we recommend using something like database ID as userId, as it's unique and doesn't include any PII (personal identifiable information). If, however, you're using e.g. email address as userId, but prefer not to send any PII to Reflag, you can hash the sensitive data before sending it to Reflag:

Use of cookies

The Reflag Browser SDK uses a couple of cookies to support automated feedback surveys. These cookies are not used for tracking purposes and thus should not need to appear in cookie consent forms.

The two cookies are:

• reflag-prompt-${userId}: store the last automated feedback prompt message ID received to avoid repeating surveys

• reflag-token-${userId}: caching a token used to connect to Reflag's live messaging infrastructure that is used to deliver automated feedback surveys in real time.

TypeScript

Types are bundled together with the library and exposed automatically when importing through a package manager.

Content Security Policy (CSP)

If you are running with strict Content Security Policies active on your website, you will need to enable these directives in order to use the SDK:

If you are including the Reflag tracking SDK with a <script>-tag from jsdelivr.net you will also need:

License

MIT License Copyright (c) 2025 Bucket ApS