Fix it yourself first
Nearly every error the API returns is self-explaining and has a documented cause and fix. Check these before you write to us — you will usually be faster.Troubleshooting
Organized by symptom, not by code. Find what you are seeing, run the check, apply the fix.
Error reference
Every HTTP status and error
class, each with its cause, its fix, and a live example.Platform status
Is it you or us? Live operational status for the OCSS census, plus the full incident history.
Changelog
Recent API and SDK changes — check here first if something worked yesterday and not today.
Reach the developer team
For integration questions, sandbox behaviour, key/access requests, and anything that is not a security issue or a public-repo bug, email the developer inbox:developers@phosra.com
The one address for developer support, SDK access requests, and integration help.
The error, verbatim
The full JSON body — at minimum
code and class, plus failed_step if the
response is a 403 standing_failure. Do not paraphrase; paste it.Response expectations
We would rather tell you the truth than publish a number we cannot keep. Here is what is actually committed:| Channel | What it is for | What we commit to |
|---|---|---|
security@phosra.com | Vulnerabilities & security incidents | Triage within one business day, with updates through remediation (published on our Trust page) |
developers@phosra.com | Sandbox & integration support | Best-effort, monitored during business hours. No published SLA for the free sandbox |
| Accreditation agreement | Production partners | Support commitments are defined in your signed production-accreditation agreement, not here |
| GitHub issues | Bugs in the public repos | Community best-effort; maintainers triage on a rolling basis |
The sandbox is a best-effort developer environment, not a paid production
service — treat the developer inbox accordingly. Time-sensitive production
guarantees come with accreditation. For real-time platform health during an
outage, the status page is always the
source of truth, not email.
File a bug
Where a bug goes depends on which component it is in.iOS Link Kit — PhosraLinkKit
The native-iOS Phosra Link connect sheet (Swift). Open an issue on the public repo.
OCSS conformance harness — Touchstone
The open
@openchildsafety/provider-harness (TypeScript). File conformance-tooling bugs here.@phosra/* SDKs, or the MCP server
— the source is not public, so there is no issue tracker to file against. Email
developers@phosra.com with the request id and the
verbatim error instead. A good bug report is reproducible: include the exact
route, the identity you called it as, and a minimal curl.
A crash or 5xx that you can reproduce is one of the most useful things you can
send. Retry with backoff first (5xx are transient); if
it persists, send the
X-Railway-Request-Id — that is what lets us pull your
exact trace.Report a security issue
Found a vulnerability? Please do not open a public GitHub issue. Email:security@phosra.com
Responsible-disclosure contact. Triaged within one business day; researchers are
credited in our disclosure log with your permission.
- Do not access data that is not your own. Use your own sandbox org and test identities.
- Do not test against production parent or child accounts. This is a child-safety platform — real accounts are strictly off-limits.
- Do not run scanners that degrade service for other developers.
Community & staying informed
Phosra does not run a public chat community (no Discord or Slack) — so if you see one claiming to be us, it is not. The honest set of channels today:Changelog
The canonical feed of API and SDK changes. Check it before assuming a regression.
Status & incidents
Live operational status and the full incident history for the OCSS census.
Open-source repos
Public repos (Link Kit, Touchstone). Issues are the place for questions on those components.
OCSS standard
The open specification Phosra implements — protocol, roles, and the trust framework.
The vendor-neutral OCSS protocol library ships on npm as
@openchildsafety/* (there is no @ocss/* scope). SDK install and status
details are on the SDKs overview.Still stuck?
Troubleshooting
Symptom-first fixes with a runnable check for each — start here.
Error reference
The complete status-code and error-class tables, every field documented.