SDKs
Phosra provides official SDKs to accelerate your integration. All SDKs wrap the REST API and provide typed interfaces, automatic retries, and token management.Available SDKs
TypeScript SDK
Full-featured SDK for Node.js and browser applications. Typed interfaces for all 80 endpoints.
MCP Server
Model Context Protocol server for AI agent integration. Works with Claude, GPT, and other MCP-compatible agents.
iOS SDK
On-device child safety enforcement using FamilyControls, ManagedSettings, and DeviceActivity.
Android SDK
On-device enforcement using UsageStatsManager, VpnService, DevicePolicyManager, and AccessibilityService.
Published packages
These are the packages actually on the public npm registry today. Versions verified againstnpm view — pin the ones you use.
| Package | Version | What it does | Page |
|---|---|---|---|
@phosra/sdk | 0.1.0 | Typed control-plane client (PhosraClient) — families, children, policies, rules, enforcement | TypeScript SDK |
@openchildsafety/ocss | 0.1.3 | The vendor-neutral OCSS reference library — sign/verify receipts, sealed envelopes, trust list, vocabulary | Developer SDK |
@phosra/link | 0.1.2 | Writer-plane SDK — the consent ceremony + signed rule-write directives (directive, convergeFamily) | Link |
@phosra/gatekeeper | 0.2.2 | Platform-side SDK — verify signed profiles, run the local decision engine, send §8.3.8 receipts | — |
@phosra/connect | 0.1.1 | Embeddable Connect component (the “Plaid Link” for parental-controls apps) — web + React Native | — |
@phosra/mcp | 0.4.0 | MCP server exposing Phosra tools to AI agents (npx @phosra/mcp) | MCP Server |
@phosra/cli | 0.2.0 | Partner CLI — scaffold configs, verify OCSS setup, sandbox round-trip checks (npx @phosra/cli) | — |
@phosra/provider | 0.1.0 | Provider-side helpers over @openchildsafety/ocss | — |
@phosra/classify | 0.1.1 | Rule-category classification helpers | — |
The native iOS and Android enforcement SDKs are distributed privately (not on npm/Maven Central yet) — see iOS SDK and Android SDK, or email
developers@phosra.com for repo access. There is no published @ocss/* npm scope; the open standard’s library ships under @openchildsafety/*.Language coverage
Phosra ships a first-party TypeScript SDK today. Every other language talks to the same plain-JSON REST API directly — no SDK required, and the Quickstart proves the curl / Python / Go paths run copy-paste against the live sandbox.| Language | How you call Phosra | Status |
|---|---|---|
| TypeScript / JavaScript | @phosra/sdk — typed PhosraClient | Published |
| Shell | curl against the REST API | Works today |
| Python | requests (or stdlib urllib) against the REST API | Works today |
| Go | net/http against the REST API | Works today |
| Python SDK | first-party typed client | Planned |
Generate a typed client in any language
Need Python, Go, Java, Rust, or C#? The OpenAPI spec drives standard code generators to produce a fully-typed client in about a minute. The Generate a client in your language guide runs the real commands (openapi-generator-cli for Python/Go/Java, openapi-typescript for TS)
against the live sandbox and pastes the actual output — including a generated-client
call that returns 201.
Generate a client in your language
Worked TypeScript, Python, and Go clients from the hosted spec — verified copy-paste,
plus which-spec guidance and the RFC 9421 data-plane caveat.
SDK Comparison
| Feature | TypeScript | MCP | iOS | Android |
|---|---|---|---|---|
| Platform | Node.js / Browser | AI Agents | iOS 16+ | Android 8.0+ |
| Auth methods | API key, Bearer, Device key | API key | Parent JWT, Device key | Parent JWT, Device key |
| Install | npm | npx | SPM | Gradle |
| On-device enforcement | — | — | FamilyControls | UsageStats + VPN |
| Policy sync | — | — | APNs + polling | FCM + WorkManager |
| Reporting | — | — | Enforcement + screen time | Enforcement + screen time |
Direct API Access
All SDKs are optional. The REST API is plain JSON over HTTPS — call it from any language. Every tab leads with the open sandbox (https://phosra-api-sandbox-production.up.railway.app) so your first copy-paste returns 201 with no API key. The same one-call setup in four languages:
Going to production. Swap the sandbox
baseUrl for the production host (https://prodapi.phosra.com/api/v1) and add a phosra_ API key. The raw HTTP tabs send the key as Authorization: Bearer (the canonical header) against the /developer/* prefix; the TypeScript PhosraClient sends the same key as the X-Api-Key header internally — both are accepted. See Authentication.Get your API key
Sign up at dashboard.phosra.com/signup and mint a key on the Keys page —
phosra_test_… for the sandbox, phosra_live_… for production.