Documentation
Polling & Tokens
Polling & Tokens
After a WARN, you can poll approval status using either your API key or the short-lived approval token.
Which polling method should you use?
- Use API key polling from your backend. This is stable and does not depend on token expiry.
- Use approval token polling from a client surface (or a constrained environment) where you cannot safely store an API key.
Polling with API key
Endpoint:
GET /api/decisions/<decision_id>/approvalResponse shape:
json
{
"decision_id": "dec_...",
"approved": false
}| Header | Value |
|---|---|
| Authorization | Bearer <API_KEY> |
Polling with approval token
Endpoint:
GET /api/decisions/<decision_id>/approvalResponse shape:
json
{
"approved": false
}| Header | Value |
|---|---|
| X-Approval-Token | <approval_token> |
| Authorization | Bearer <approval_token> |
Approval tokens are short-lived (about 15 minutes). If the token is missing/invalid/expired, the endpoint returns
approved: false (and may return 401).Rate limiting
Approval polling is rate-limited. If you exceed limits, the API can return HTTP 429.
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.