Policies & Approval

Policies control which requests are auto-approved and which require human approval. Configure them per-credential in the dashboard under Credentials → Policies.

Policy Evaluation Order

When a request arrives, the proxy evaluates rules in this order:

  1. URL patterns — if the target URL contains any auto_approve_urls substring, auto-approve regardless of HTTP method
  2. Method rules — if the HTTP method is in auto_approve_methods, auto-approve. HEAD follows the GET policy.
  3. Require approval — if the method is in require_approval_methods, require human approval
  4. Default — if the method isn’t in either list, require approval (fail closed)

Example: a policy with auto_approve_methods: ["GET"] and auto_approve_urls: ["/conversations.list"] means POST /conversations.list is auto-approved (URL match), but POST /chat.postMessage requires approval (method rule).

No Policy = Fail Closed

If a credential has no policy configured, all requests require approval. You must explicitly opt in to auto-approval.
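The evaluation order above, together with the no-policy fail-closed rule, modelled in Python as an added example (this is not the project's own code; the Policy dataclass, the evaluate function and the sample URLs are assumptions for illustration):

```python
from dataclasses import dataclass, field
from typing import Optional

AUTO = "auto_approve"
REQUIRE = "require_approval"


@dataclass
class Policy:
    # Field names mirror the documented policy keys (assumed structure).
    auto_approve_urls: list = field(default_factory=list)
    auto_approve_methods: list = field(default_factory=list)
    require_approval_methods: list = field(default_factory=list)


def evaluate(policy: Optional[Policy], method: str, url: str) -> tuple:
    """Return (decision, reason) for one request, in the documented order."""
    # No policy at all: fail closed, every request needs a human.
    if policy is None:
        return REQUIRE, "no policy configured (fail closed)"

    # 1. URL patterns: plain substring match, regardless of HTTP method.
    for pattern in policy.auto_approve_urls:
        if pattern in url:
            return AUTO, f"url matches {pattern!r}"

    # HEAD is evaluated under the GET policy.
    effective = "GET" if method.upper() == "HEAD" else method.upper()
    auto_methods = {m.upper() for m in policy.auto_approve_methods}
    require_methods = {m.upper() for m in policy.require_approval_methods}

    # 2. Method rules.
    if effective in auto_methods:
        return AUTO, f"method {effective} in auto_approve_methods"
    # 3. Explicit require-approval list.
    if effective in require_methods:
        return REQUIRE, f"method {effective} in require_approval_methods"
    # 4. Default: the method is in neither list, so fail closed.
    return REQUIRE, f"method {effective} in neither list (fail closed)"


if __name__ == "__main__":
    # Constructed sample policy and URLs matching the example in the text.
    policy = Policy(auto_approve_methods=["GET"],
                    auto_approve_urls=["/conversations.list"])
    for m, u in [("POST", "https://api.example/conversations.list"),
                 ("POST", "https://api.example/chat.postMessage"),
                 ("HEAD", "https://api.example/users.info")]:
        print(m, u, "->", evaluate(policy, m, u))
    print("no policy ->", evaluate(None, "GET", "https://api.example/users.info"))
```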

Approval Channels

When approval is required, the proxy blocks until an approver responds or the timeout expires (default 5 minutes).

Telegram

The default channel. The proxy sends a message with the agent name, credential, HTTP method, target URL, body preview, and Approve / Deny buttons.

Passkey (WebAuthn)

For hardware-backed approval via Face ID, fingerprint, or YubiKey. The Telegram message includes a secure URL — the approver opens it, authenticates with their passkey, and the request is approved. Passkeys are self-registered on first use.

Long-Polling vs Webhook

By default, the proxy polls Telegram’s API with a 30-second timeout (works behind NAT). For production with a public URL, configure Telegram webhooks — the proxy handles callbacks at POST /telegram/webhook.

Per-Credential Routing

You can restrict who can approve and route approval messages to different Telegram chats per credential:

  • allowed_approvers — list of Telegram user IDs. Only these users can tap Approve/Deny. Empty = anyone in the chat.
  • Per-credential chat_id — overrides the default chat for this credential’s approval messages. Useful for routing sensitive credentials to a restricted channel.

Configure both in the dashboard under each credential’s policy settings, or via the API Reference.

Rate Limiting

Per-agent rate limits are set when creating or editing an agent in the dashboard. When exceeded, the proxy returns 429 Too Many Requests. Limits reset on a rolling 1-hour window.