When a permission check returns "requires_approval," your system creates an approval request via the REST API.
The approval request includes the tool name, parameters, reasoning, and any context your agent wants to provide.
oakallow then sends a webhook to your configured URL with the approval details (event: approval.created). Your system routes this notification to the appropriate reviewer via Slack, Teams, PagerDuty, email, or any channel you choose.
The reviewer approves or denies via the oakallow dashboard or mobile app, or your system calls the decide endpoint directly. oakallow sends another webhook with the decision (event: approval.decided).
Your agent receives the decision via the webhook or by polling the approval status endpoint. Once approved, the decision is signed and your agent proceeds.
Approvals have a configurable timeout (default: 1 hour). If no decision is made within the timeout, the approval expires and the tool does not execute.