Documentation
Approval failures
Approval failures
These errors come from the approval endpoints. Approval is fail-closed: errors are never approval.
Common errors (exact messages)
| Endpoint | HTTP | error | Cause | Fix |
|---|---|---|---|---|
| GET /api/decisions/<decision_id>/approval | 401 | Unauthorized | The request is missing a valid approval token or API key. | Send X-Approval-Token: <approval_token> (or Authorization: Bearer <approval_token>), or poll with Authorization: Bearer <API_KEY>. |
| GET /api/decisions/<decision_id>/approval | 403 | API key paused for audit | The API key used for polling is temporarily paused. | Wait for the pause to end or rotate credentials. |
| GET /api/decisions/<decision_id>/approval | 429 | Rate limit exceeded | Too many approval polling requests. | Back off and retry with exponential backoff. |
| POST /api/decisions/<id>/approve | 401 | Unauthorized | The reviewer is not authenticated. | Sign in to the dashboard and retry. |
| POST /api/decisions/<id>/approve | 403 | WARN approval is disabled | Global WARN approvals are disabled. | Re-enable WARN approvals, or treat WARN as not approved and do not execute. |
| POST /api/decisions/<id>/approve | 403 | WARN approval is not allowed | The account plan does not permit WARN approvals. | Upgrade the account plan or treat WARN as not approved and do not execute. |
| POST /api/decisions/<id>/approve | 404 | Not found | The decision_id does not exist (or is not accessible for this account). | Use the decision_id returned by /api/validate and ensure you are in the correct account. |
| POST /api/decisions/<id>/approve | 400 | Only WARN decisions may be approved | You attempted to approve a non-WARN decision. | Only approve decisions that were returned as WARN. |
| POST /api/decisions/<id>/approve | 409 | Already approved | The decision has already been approved. | Treat approval as idempotent; proceed using your normal execution safeguards. |
| POST /api/decisions/<id>/approve | 400 | Invalid payload | The request body does not match the expected shape. | Send JSON with an optional { comment: string } field (max 2000 chars). |
| POST /api/decisions/<id>/block | 400 | Only WARN decisions may be reviewed | You attempted to deny a non-WARN decision. | Only deny decisions that were returned as WARN. |
What to do when approval fails
- Do not execute the underlying action.
- Persist the failure for audit/debugging.
- Retry with backoff if the error is transient (429).
- If approval cannot be completed, re-run validation later (new decision_id) and repeat the flow.
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.