Approve / Reject Action

Approve or reject actions that are pending human approval. These endpoints require JWT authentication and appropriate admin permissions.

Approve Action

Endpoint

POST /api/v1/actions/{action_id}/approve

Authentication

JWT Token only - API keys cannot approve/reject actions for security reasons.

Request

Headers

Header	Required	Description
`Authorization`	Yes	Bearer token with admin/manager role
`Content-Type`	No	`application/json` (optional body)

Path Parameters

Parameter	Type	Required	Description
`action_id`	integer	Yes	The action ID to approve

Body (Optional)

{
  "reason": "Approved for quarterly data analysis project"
}

Response

Success (200 OK)

{
  "action_id": 12345,
  "status": "approved",
  "approved_by": 42,
  "approved_at": "2026-01-20T14:35:00Z",
  "correlation_id": "action_20260120_143500_xyz789"
}

Response Fields

Field	Type	Description
`action_id`	integer	The approved action ID
`status`	string	Always `approved`
`approved_by`	integer	User ID of the approver
`approved_at`	string	ISO 8601 timestamp of approval
`correlation_id`	string	Unique ID for audit trail

Errors

Code	Description
400	Bad request - action is not pending approval
401	Unauthorized - missing or invalid JWT token
403	Forbidden - user lacks approval permissions
404	Not found - action does not exist

Not Pending Error (400):

{
  "detail": "Action is not pending approval (current status: approved)",
  "error_code": "INVALID_STATE",
  "status": 400
}

Reject Action

Endpoint

POST /api/v1/actions/{action_id}/reject

Authentication

JWT Token only - API keys cannot approve/reject actions for security reasons.

Request

Headers

Header	Required	Description
`Authorization`	Yes	Bearer token with admin/manager role
`Content-Type`	Yes	`application/json`

Path Parameters

Parameter	Type	Required	Description
`action_id`	integer	Yes	The action ID to reject

Body

{
  "reason": "Action violates data retention policy"
}

Parameter	Type	Required	Description
`reason`	string	No	Reason for rejection (recommended for audit)

Response

Success (200 OK)

{
  "action_id": 12345,
  "status": "denied",
  "rejected_by": 42,
  "rejected_at": "2026-01-20T14:35:00Z",
  "reason": "Action violates data retention policy",
  "correlation_id": "action_20260120_143500_abc123"
}

Response Fields

Field	Type	Description
`action_id`	integer	The rejected action ID
`status`	string	Always `denied`
`rejected_by`	integer	User ID of the reviewer
`rejected_at`	string	ISO 8601 timestamp of rejection
`reason`	string	Rejection reason (if provided)
`correlation_id`	string	Unique ID for audit trail

Errors

Code	Description
400	Bad request - action is not pending approval
401	Unauthorized - missing or invalid JWT token
403	Forbidden - user lacks approval permissions
404	Not found - action does not exist

Permission Requirements

To approve or reject actions, users must have one of the following roles:

Role	Can Approve	Can Reject	Notes
`admin`	Yes	Yes	Full approval authority
`security_manager`	Yes	Yes	Security team approvals
`manager`	Yes*	Yes*	May be limited by risk level
`user`	No	No	Read-only access

*Managers may have risk level limits configured by their organization.

Approval Level System

Some organizations use approval levels based on risk:

Risk Level	Required Approval Level	Example Roles
Low (0-39)	Level 1+	Manager, Admin
Medium (40-69)	Level 2+	Senior Manager, Admin
High (70-84)	Level 3+	Security Manager, CISO
Critical (85-100)	Level 4+	CISO, Board approval

Examples

cURL - Approve

curl -X POST https://pilot.owkai.app/api/v1/actions/12345/approve \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiI..." \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "Approved for Q1 data migration project"
  }'

cURL - Reject

curl -X POST https://pilot.owkai.app/api/v1/actions/12345/reject \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiI..." \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "Action targets production database during peak hours"
  }'

Python

from ascend import AscendClient

# Note: Must use JWT authentication, not API key
client = AscendClient(access_token="eyJhbGciOiJSUzI1NiI...")

# Approve an action
result = client.actions.approve(
    action_id=12345,
    reason="Approved for quarterly data analysis"
)
print(f"Action {result.action_id} approved at {result.approved_at}")

# Reject an action
result = client.actions.reject(
    action_id=12346,
    reason="Violates data retention policy"
)
print(f"Action {result.action_id} rejected")

Node.js

import { AscendClient } from '@anthropic/ascend-sdk';

// Note: Must use JWT authentication, not API key
const client = new AscendClient({ accessToken: 'eyJhbGciOiJSUzI1NiI...' });

// Approve an action
const approveResult = await client.actions.approve(12345, {
  reason: 'Approved for quarterly data analysis'
});
console.log(`Action ${approveResult.actionId} approved`);

// Reject an action
const rejectResult = await client.actions.reject(12346, {
  reason: 'Violates data retention policy'
});
console.log(`Action ${rejectResult.actionId} rejected`);

Python (requests)

import requests

BASE_URL = "https://pilot.owkai.app"
JWT_TOKEN = "eyJhbGciOiJSUzI1NiI..."

headers = {
    "Authorization": f"Bearer {JWT_TOKEN}",
    "Content-Type": "application/json"
}

# Approve action
response = requests.post(
    f"{BASE_URL}/api/v1/actions/12345/approve",
    headers=headers,
    json={"reason": "Approved for data migration"}
)
print(response.json())

# Reject action
response = requests.post(
    f"{BASE_URL}/api/v1/actions/12346/reject",
    headers=headers,
    json={"reason": "Target system is in maintenance mode"}
)
print(response.json())

Audit Trail

All approval and rejection actions are logged to the immutable audit trail:

{
  "audit_id": 98765,
  "action_type": "action_approved",
  "user_id": 42,
  "organization_id": 1,
  "timestamp": "2026-01-20T14:35:00Z",
  "details": "Action 12345 approved by user 42",
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0...",
  "correlation_id": "action_20260120_143500_xyz789"
}

Audit logs can be queried via the /api/admin/audit-logs endpoint or exported for compliance reporting.

Bulk Operations

For processing multiple pending actions:

Bulk Approve

POST /api/v1/actions/bulk-approve

{
  "action_ids": [12345, 12346, 12347],
  "reason": "Bulk approval for scheduled maintenance window"
}

Bulk Reject

POST /api/v1/actions/bulk-reject

{
  "action_ids": [12348, 12349],
  "reason": "Actions submitted with incorrect parameters"
}

Submit Action - Submit an action for evaluation
Get Action Status - Poll for action status

Approve Action​

Endpoint​

Authentication​

Request​

Headers​

Path Parameters​

Body (Optional)​

Response​

Success (200 OK)​

Response Fields​

Errors​

Reject Action​

Endpoint​

Authentication​

Request​

Headers​

Path Parameters​

Body​

Response​

Success (200 OK)​

Response Fields​

Errors​

Permission Requirements​

Approval Level System​

Examples​

cURL - Approve​

cURL - Reject​

Python​

Node.js​

Python (requests)​

Audit Trail​

Bulk Operations​

Bulk Approve​

Bulk Reject​

Related Endpoints​

Approve Action

Endpoint

Authentication

Request

Headers

Path Parameters

Body (Optional)

Response

Success (200 OK)

Response Fields

Errors

Reject Action

Endpoint

Authentication

Request

Headers

Path Parameters

Body

Response

Success (200 OK)

Response Fields

Errors

Permission Requirements

Approval Level System

Examples

cURL - Approve

cURL - Reject

Python

Node.js

Python (requests)

Audit Trail

Bulk Operations

Bulk Approve

Bulk Reject

Related Endpoints