Skip to main content
Use the Fluz API to submit approval requests for sensitive account actions, list pending requests, and approve or decline them on behalf of managers. Approval requests are available through the Transactional Graph Service GraphQL API. When a request is submitted, Fluz creates a durable approval record and notifies configured approvers. If approved, the underlying action runs automatically (for example, purchasing a gift card or transferring funds).

How It Works

  1. Request — A user with the appropriate REQUEST_* scope calls a request* mutation. The API validates the input and queues the request. The mutation returns a messageId, not an approvalId.
  2. Create — Fluz creates a pending approval and assigns account managers as approvers. Your application receives an APPROVAL_CREATE webhook with the approvalId.
  3. List (optional) — Approvers with LIST_APPROVALS can call approvalRequests to fetch open requests for the account.
  4. Approve or decline — Approvers with MANAGE_APPROVALS call approveApprovalRequest or declineApprovalRequest. On approval, Fluz executes the requested action.
  5. Webhook — Your application receives APPROVAL_APPROVE or APPROVAL_DECLINE. If execution fails after approval, you may receive APPROVAL_HANDLER_ERROR.
Requests are processed asynchronously. Poll approvalRequests or listen for webhooks to obtain the approvalId after submitting a request.

Shared Operations

These operations apply to all approval request types.

List Pending Approvals

approvalRequests Returns open (PENDING) approval requests for the authenticated account. Required scope: LIST_APPROVALS

Approve a Request

approveApprovalRequest Approves a pending request. On success, Fluz runs the action associated with the request (for example, creating a virtual card). Required scope: MANAGE_APPROVALS

Decline a Request

declineApprovalRequest Declines a pending request. No downstream action is executed. Required scope: MANAGE_APPROVALS

Application Scopes

Approval-related scopes must be granted at both the application level (by Fluz) and the user level (via OAuth consent or generateUserAccessToken). See Authentication for how scopes are granted and validated.

Request Types

Each request type has a dedicated guide with input fields, examples, and webhook identifiers.

Webhooks

Configure webhooks in the Fluz developer portal. Approval events use the same delivery mechanism as other Fluz webhooks. See the Developers overview for setup and verification.

APPROVAL_CREATE payload

Use approvalType and approvalCode together to identify the request type. Each per-type guide lists the values for that request.

APPROVAL_APPROVE / APPROVAL_DECLINE payload

For declines, approvalAction is DECLINE and approvalStatus is DECLINED.

APPROVAL_HANDLER_ERROR payload

Sent when a request is approved but the downstream action fails (for example, insufficient balance at execution time).

Authentication

Approval mutations support Bearer token (user OAuth) and Basic Auth (application API key), depending on your integration pattern. The authenticated principal becomes the requester. Use a User Access Token with the required scopes. See the Authentication & Authorization Guide.

Error Handling

Request mutations return a RequestApprovalResponse:
On failure:
Approve and decline mutations return success: false with an error object when the action cannot be completed (for example, approval not found or already resolved).