Authentication
✅ Organization User (CustomerEmployee)❌ Delegated User (
EndUser)✅ Service Account
Required Permissions
Policies:Update: Always required.Authorizations
Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows
User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows
Path Parameters
1Body
- Alias:Modify
- Permissions:Assign
- Permissions:Modify
- Policies:Modify
- Wallets:Sign
- Wallets:IncomingTransaction
Alias:Modify This rule will always be triggered, meaning that if this rule is defined on a policy, the policy will always trigger the policy action, regardless of the activity details.
This action means that activity will first require an Approval process to be completed before it can be executed (or be aborted if someone rejects it during the approval process).
One or several groups of approvers need to be specified. These groups define who is allowed to approve / reject an activity.
The activity will only be executed if all approver groups reach their "quorum" of approvals. Otherwise, if any one user within any approver group rejects, then the activity is aborted and the call is not executed.
The example below shows a RequestApproval action, configured with one approval group requiring 2 approvals amongst three specific users.
{
"action": {
"kind": "RequestApproval",
"autoRejectTimeout": 60, // minutes
"approvalGroups": [
{
"name": "Admins",
"quorum": 2, // only 2 approvers required in that group
"approvers": {
"userId": {
"in": ["us-...1", "us-...2", "us-...3"],
}
}
}
],
}
}You cannot approve your own requests
Please make your policies won't require a requester to approve his/her own request so you don't get blocked.
Example: Company has 3 users allowed to modify policies. They create a policy that requires approval from 3 out of the 3 users for any future policy modification. In this case, they get cannot modify policies anymore: whoever requests a modification cannot approve, and the policy is therefore always missing one approver. They need to invite a new user and give him the rights to update the policy, so he can lower the quorum and the 3 original users can approve the modification.
- RequestApproval
- Block
Response
Success
- Alias:Modify
- Permissions:Assign
- Permissions:Modify
- Policies:Modify
- Wallets:Sign
- Wallets:IncomingTransaction
Active, Archived Alias:Modify This rule will always be triggered, meaning that if this rule is defined on a policy, the policy will always trigger the policy action, regardless of the activity details.
This action means that activity will first require an Approval process to be completed before it can be executed (or be aborted if someone rejects it during the approval process).
One or several groups of approvers need to be specified. These groups define who is allowed to approve / reject an activity.
The activity will only be executed if all approver groups reach their "quorum" of approvals. Otherwise, if any one user within any approver group rejects, then the activity is aborted and the call is not executed.
The example below shows a RequestApproval action, configured with one approval group requiring 2 approvals amongst three specific users.
{
"action": {
"kind": "RequestApproval",
"autoRejectTimeout": 60, // minutes
"approvalGroups": [
{
"name": "Admins",
"quorum": 2, // only 2 approvers required in that group
"approvers": {
"userId": {
"in": ["us-...1", "us-...2", "us-...3"],
}
}
}
],
}
}You cannot approve your own requests
Please make your policies won't require a requester to approve his/her own request so you don't get blocked.
Example: Company has 3 users allowed to modify policies. They create a policy that requires approval from 3 out of the 3 users for any future policy modification. In this case, they get cannot modify policies anymore: whoever requests a modification cannot approve, and the policy is therefore always missing one approver. They need to invite a new user and give him the rights to update the policy, so he can lower the quorum and the 3 original users can approve the modification.
- RequestApproval
- Block