ReflexioDeveloper Docs
Menu

Governance API

Enterprise RTBF export, erase, and purge-operation status endpoints.

Governance API

The governance API exposes enterprise RTBF operations under /api/governance. These endpoints require a governance-authorized dashboard or session bearer credential for the target organization. Ordinary production API keys are rejected.

Export User

POST /api/governance/export-user

curl -X POST "${REFLEXIO_URL:-https://www.reflexio.ai}/api/governance/export-user" \
  -H "Authorization: Bearer $REFLEXIO_GOVERNANCE_BEARER" \
  -H "Content-Type: application/json" \
  --data @- <<'JSON'
{
  "user_id": "alice",
  "request_id": "support-ticket-123"
}
JSON

Returns the user's export bundle and minimized subject_ref. Durable audit rows store minimized references and counts, not raw bearer tokens.

Erase User

POST /api/governance/erase-user

curl -X POST "${REFLEXIO_URL:-https://www.reflexio.ai}/api/governance/erase-user" \
  -H "Authorization: Bearer $REFLEXIO_GOVERNANCE_BEARER" \
  -H "Content-Type: application/json" \
  --data @- <<'JSON'
{
  "user_id": "alice",
  "request_id": "support-ticket-123"
}
JSON

Repeating the same user_id and request_id returns the same purge operation identity. A completed response is returned only after the subject write barrier, deletes, final empty check, and ERASE ok audit write succeed.

Aggregated agent playbooks are treated as org-owned artifacts. User erasure removes user-owned data and source-window links to erased user playbooks, but does not automatically hide, rebuild, or delete agent playbooks.

Purge Operation Status

GET /api/governance/purge-operations/{purge_id}

curl -X GET "${REFLEXIO_URL:-https://www.reflexio.ai}/api/governance/purge-operations/purge_abc" \
  -H "Authorization: Bearer $REFLEXIO_GOVERNANCE_BEARER"

Returns minimized purge state only:

{
  "purge_id": "purge_abc",
  "subject_ref": "subref_v1_abc",
  "request_ref": "reqref_v1_abc",
  "status": "complete",
  "error_code": null,
  "error_detail": null,
  "created_at": 1710000000,
  "updated_at": 1710000005,
  "completed_at": 1710000005
}

This phase does not expose audit-event listing.