Sandbox-first. The consent and reconnect paths below run against
https://phosra-api-sandbox-production.up.railway.app with no key. The production teardown
(DELETE /compliance/{linkID}) is family-scoped and requires a phosra_live_… key, so it is
documented here rather than run anonymously.Before you start
Handle a declined connection
When a parent chooses Deny on the consent page, Phosra redirects back to your

Your callback handler must branch on the query string:
redirect_uri with an error and no code. Never treat a missing code as success:
Fields & errors — the decline callback
Fields & errors — the decline callback
Query parameters on the
How to branch
deny redirect| Field | Type | Present | Description |
|---|---|---|---|
error | string | on deny | access_denied — the parent declined. No token is issued. |
state | string | always | The state you sent; compare before acting. |
code | — | never on deny | Absent. If error is set, do not look for a code. |
| Callback contains | Meaning | Do |
|---|---|---|
error=access_denied | Parent declined | Show a “connection declined” state; offer to retry later. |
code=… | Parent approved | Proceed to the token exchange (see Connect a platform). |
Tear down an account-linked platform (production)
For platforms you connected with a stored per-family credential (
POST /compliance), remove the
link with DELETE /compliance/{linkID}. This stops all future enforcement to that platform and
is the durable “disconnect” for account-linked integrations:GET /families/{familyID}/compliance returns every active link with its link_id, so you can
find the one to remove. Both endpoints are family-scoped: an anonymous caller who is not a
member of the family gets 403 not a member of this family. List active links first, then
delete the one you mean to remove.Fields & errors — DELETE /compliance/{linkID}
Fields & errors — DELETE /compliance/{linkID}
Path parameter
Request header
Response
Errors
| Field | Type | Required | Description |
|---|---|---|---|
linkID | string (UUID) | yes | The link_id from GET /families/{familyID}/compliance. |
| Header | Required | Description |
|---|---|---|
X-Api-Key | yes (production) | Your phosra_live_… key. The caller must be a member of the family. |
| Status | Meaning |
|---|---|
204 / 200 | Link removed; no further enforcement is pushed to that platform. |
| Status | message | When it happens |
|---|---|---|
403 | not a member of this family | The caller is not authorised for the family that owns the link. |
404 | compliance link not found | No link exists for that linkID. |
These endpoints are family-scoped and require an authenticated member, so they cannot be
exercised anonymously against the open sandbox — the statuses above are the production contract.
The sandbox does confirm the shape: an anonymous
DELETE of an unknown id returns
404 compliance link not found, and GET /families/{id}/compliance returns
403 not a member of this family.Reconnect — the parent approves again
Reconnecting is simply re-running the connect ceremony. Send the parent back to the consent
page with a fresh Real response (200):The connection is live again. Child profiles flow from
state; on Approve you get a new code, and the token exchange yields a
new access token. The old token is never reused.GET /oauth/profiles exactly as they
did before — pick up from the profiles step of Connect a platform.Fields & errors — the reconnect token exchange
Fields & errors — the reconnect token exchange
Identical to the first connect. Two reconnect-specific rules:
Response fields (200)
Full request-field and error tables live in Connect a platform → the token step.
| Field | Type | Description |
|---|---|---|
state | string | Use a fresh value for the reconnect, distinct from the original grant. |
code | string | The new code from the re-approval — an old code from the first grant must not be replayed. |
| Field | Type | Description |
|---|---|---|
access_token | string | A new bearer token; the previous one is not reused. |
expires_in | integer | 3600 (1 hour). |
scope | string | profiles — the same grant as before (equivalent to discovery’s child_profiles.read). |
token_type | string | Bearer. |
After you reconnect
Re-run enforcement so the platform receives the current policy — a reconnected platform starts from a clean slate:Next steps
Connect a platform
The full connect ceremony this guide mirrors.
Test in the sandbox
Everything you can exercise without a key, and how the Trust List works.