# Redirecting to the Subscription Portal

## What do I need?

1. **Parent Timeback ID** – The unique identifier of the parent in the one-roster system.
2. **Expiry Time** *(optional)* – Defaults to **60 minutes** if not provided.
3. **Edupaid API key** – your edupaid api key

## How do I generate the redirection url ?

1. **Make a POST request** to

   ```
   https://api.edupaid.2hourlearning.com/functions/v1/generate-parent-token
   ```
2. **Include your Edupaid API key** in the request header:

   ```
   x-api-key: <your_api_key>
   ```
3. **Send the request body** in JSON format:

   ```json
   {
     "parentTimebackId": "<parent_id>",
     "expiryMinutes": <expiry_time_in_minutes>
   }
   ```

   * `parentTimebackId` → required, the unique identifier of the parent.
   * `expiryMinutes` → optional, defaults to **60** minutes if not provided.
4. **Receive the response** – On success, you’ll get back a JSON object containing the time-limited portal URL:

   ```json
   {
     "url": "https://students.edupaid.2hourlearning.com/subscription-portal?token=<token>"
   }
   ```
5. **Redirect the parent** to the `url` returned in the response. For example:

   ```
   https://students.edupaid.2hourlearning.com/subscription-portal?token=<token>
   ```

***

&#x20;**Tip:** You can also **try this endpoint directly** in the [Swagger API documentation](https://trilogy-group.github.io/edupaid/api.html) by expanding the `POST /generate-parent-token` section and clicking **“Try it out”**.&#x20;

## Security Guidelines

* Always use HTTPS when calling the generate-parent-token API.&#x20;
* Do not expose your Edupaid API key in frontend or client-side code.&#x20;
* Keep it secure on the backend. Limit token expiry times – 60 minutes is recommended for parent portal access.&#x20;
* Call the token generation API only from a trusted backend that you control.&#x20;
* Redirect only to the returned url from the API response. Do not attempt to manually construct subscription portal links.