How It Works
- Request — A user with the appropriate
REQUEST_*scope calls arequest*mutation. The API validates the input and queues the request. The mutation returns amessageId, not anapprovalId. - Create — Fluz creates a pending approval and assigns account managers as approvers. Your application receives an
APPROVAL_CREATEwebhook with theapprovalId. - List (optional) — Approvers with
LIST_APPROVALScan callapprovalRequeststo fetch open requests for the account. - Approve or decline — Approvers with
MANAGE_APPROVALScallapproveApprovalRequestordeclineApprovalRequest. On approval, Fluz executes the requested action. - Webhook — Your application receives
APPROVAL_APPROVEorAPPROVAL_DECLINE. If execution fails after approval, you may receiveAPPROVAL_HANDLER_ERROR.
Requests are processed asynchronously. PollapprovalRequestsor listen for webhooks to obtain theapprovalIdafter submitting a request.
Shared Operations
These operations apply to all approval request types.List Pending Approvals
approvalRequests
Returns open (PENDING) approval requests for the authenticated account.
Required scope: LIST_APPROVALS
Approve a Request
approveApprovalRequest
Approves a pending request. On success, Fluz runs the action associated with the request (for example, creating a virtual card).
Required scope: MANAGE_APPROVALS
Decline a Request
declineApprovalRequest
Declines a pending request. No downstream action is executed.
Required scope: MANAGE_APPROVALS
Application Scopes
Approval-related scopes must be granted at both the application level (by Fluz) and the user level (via OAuth consent orgenerateUserAccessToken).
See Authentication for how scopes are granted and validated.
Request Types
Each request type has a dedicated guide with input fields, examples, and webhook identifiers.
Webhooks
Configure webhooks in the Fluz developer portal. Approval events use the same delivery mechanism as other Fluz webhooks. See the Developers overview for setup and verification.APPROVAL_CREATE payload
approvalType and approvalCode together to identify the request type. Each per-type guide lists the values for that request.
APPROVAL_APPROVE / APPROVAL_DECLINE payload
approvalAction is DECLINE and approvalStatus is DECLINED.
APPROVAL_HANDLER_ERROR payload
Sent when a request is approved but the downstream action fails (for example, insufficient balance at execution time).Authentication
Approval mutations support Bearer token (user OAuth) and Basic Auth (application API key), depending on your integration pattern. The authenticated principal becomes the requester. Use a User Access Token with the required scopes. See the Authentication & Authorization Guide.Error Handling
Request mutations return aRequestApprovalResponse:
success: false with an error object when the action cannot be completed (for example, approval not found or already resolved).