> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Approve an approval request. > If the quorum policy was configured to require extra things like 2FA, then, relevant info needs to be added to the request. ## OpenAPI ````json POST /sys/v1/approval_requests/{req_id}/approve { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/sys/v1/approval_requests/{req_id}/approve": { "post": { "operationId": "ApproveRequest", "tags": [ "Approval_requests" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Approve an approval request.", "description": "If the quorum policy was configured to require extra things\nlike 2FA, then, relevant info needs to be added to the request.", "parameters": [ { "name": "req_id", "in": "path", "required": true, "schema": { "type": "string", "format": "uuid" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApproveRequest" } } } }, "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApprovalRequest" } } } } } } } }, "components": { "schemas": { "ApproveRequest": { "allOf": [ { "type": "object", "properties": { "password": { "type": "string", "description": "Password is required if the approval policy requires password authentication." }, "u2f": { "$ref": "#/components/schemas/U2fAuthRequest" }, "fido2_auth_request": { "$ref": "#/components/schemas/PublicKeyCredentialAuthenticatorAssertionResponse" }, "body": { "nullable": true, "description": "Data associated with the approval" } } } ] }, "ApprovalRequest": { "allOf": [ { "type": "object", "properties": { "acct_id": { "type": "string", "format": "uuid" }, "approvers": { "type": "array", "items": { "$ref": "#/components/schemas/ReviewerPrincipal" } }, "body": { "nullable": true }, "created_at": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z" }, "denial_reason": { "type": "string", "nullable": true }, "denier": { "$ref": "#/components/schemas/ReviewerPrincipal" }, "description": { "type": "string", "nullable": true }, "expiry": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z" }, "method": { "type": "string" }, "operation": { "type": "string" }, "request_id": { "type": "string", "format": "uuid" }, "requester": { "$ref": "#/components/schemas/Principal" }, "result_viewed": { "type": "boolean" }, "reviewers": { "type": "array", "items": { "$ref": "#/components/schemas/Reviewer" }, "nullable": true }, "status": { "$ref": "#/components/schemas/ApprovalStatus" }, "subjects": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/ApprovalSubject" }, "nullable": true } }, "required": [ "acct_id", "approvers", "created_at", "expiry", "method", "operation", "request_id", "requester", "result_viewed", "status" ] } ] }, "U2fAuthRequest": { "allOf": [ { "type": "object", "description": "Use of U2F is deprecated, use FIDO2 for second factor authentication.", "properties": { "keyHandle": { "type": "string", "format": "byte" }, "signatureData": { "type": "string", "format": "byte" }, "clientData": { "type": "string", "format": "byte" } }, "required": [ "keyHandle", "signatureData", "clientData" ] } ] }, "PublicKeyCredentialAuthenticatorAssertionResponse": { "allOf": [ { "type": "object", "description": "Contains the attributes that are returned to the caller when a new\ncredential is created, or a new assertion is requested.", "properties": { "id": { "$ref": "#/components/schemas/Base64UrlSafe", "description": "Credential's identifier." }, "type": { "$ref": "#/components/schemas/PublicKeyCredentialType", "description": "Type of credential." }, "response": { "$ref": "#/components/schemas/AuthenticatorAssertionResponse" }, "get_client_extension_results": { "$ref": "#/components/schemas/AuthenticationExtensionsClientOutputs", "description": "This field contains client extension output entries produced\nby the extension’s client extension processing." } } } ] }, "ReviewerPrincipal": { "description": "A Principal who can approve or deny an approval request.", "oneOf": [ { "title": "ReviewerPrincipalVariantApp", "type": "object", "properties": { "app": { "type": "string", "format": "uuid" } }, "required": [ "app" ] }, { "title": "ReviewerPrincipalVariantUser", "type": "object", "properties": { "user": { "type": "string", "format": "uuid" } }, "required": [ "user" ] } ] }, "Principal": { "description": "A security principal.", "oneOf": [ { "title": "PrincipalVariantApp", "type": "object", "properties": { "app": { "type": "string", "format": "uuid" } }, "required": [ "app" ] }, { "title": "PrincipalVariantUser", "type": "object", "properties": { "user": { "type": "string", "format": "uuid" } }, "required": [ "user" ] }, { "title": "PrincipalVariantPlugin", "type": "object", "properties": { "plugin": { "type": "string", "format": "uuid" } }, "required": [ "plugin" ] }, { "title": "PrincipalVariantUserViaApp", "type": "object", "properties": { "userviaapp": { "$ref": "#/components/schemas/PrincipalUserViaApp" } }, "required": [ "userviaapp" ] }, { "title": "PrincipalVariantSystem", "type": "string", "enum": [ "system" ] }, { "title": "PrincipalVariantUnregisteredUser", "type": "string", "enum": [ "unregistereduser" ] } ] }, "Reviewer": { "allOf": [ { "type": "object", "description": "Reviewer of an approval request.", "properties": { "requires_password": { "type": "boolean", "nullable": true }, "requires_2fa": { "type": "boolean", "nullable": true } } }, { "$ref": "#/components/schemas/ReviewerPrincipal" } ] }, "ApprovalStatus": { "description": "Approval request status.", "type": "string", "enum": [ "PENDING", "APPROVED", "DENIED", "FAILED" ] }, "ApprovalSubject": { "description": "Identifies an object acted upon by an approval request.", "oneOf": [ { "title": "ApprovalSubjectVariantGroup", "type": "object", "properties": { "group": { "type": "string", "format": "uuid" } }, "required": [ "group" ] }, { "title": "ApprovalSubjectVariantSobject", "type": "object", "properties": { "sobject": { "type": "string", "format": "uuid" } }, "required": [ "sobject" ] }, { "title": "ApprovalSubjectVariantApp", "type": "object", "properties": { "app": { "type": "string", "format": "uuid" } }, "required": [ "app" ] }, { "title": "ApprovalSubjectVariantPlugin", "type": "object", "properties": { "plugin": { "type": "string", "format": "uuid" } }, "required": [ "plugin" ] }, { "title": "ApprovalSubjectVariantAccount", "type": "object", "properties": { "account": { "type": "string", "format": "uuid" } }, "required": [ "account" ] }, { "title": "ApprovalSubjectVariantNewAccount", "type": "string", "enum": [ "newaccount" ] }, { "title": "ApprovalSubjectVariantRole", "type": "object", "properties": { "role": { "type": "string", "format": "uuid" } }, "required": [ "role" ] } ] }, "Base64UrlSafe": { "type": "string", "format": "byte" }, "PublicKeyCredentialType": { "description": "https://www.w3.org/TR/webauthn-2/#enum-credentialType\n\nThis enum defines valid cred types.", "type": "string", "enum": [ "public-key" ] }, "AuthenticatorAssertionResponse": { "allOf": [ { "type": "object", "description": "", "properties": { "clientDataJSON": { "$ref": "#/components/schemas/Base64UrlSafe" }, "authenticatorData": { "$ref": "#/components/schemas/Base64UrlSafe" }, "signature": { "$ref": "#/components/schemas/Base64UrlSafe" }, "userHandle": { "$ref": "#/components/schemas/Base64UrlSafe" } }, "required": [ "clientDataJSON", "authenticatorData", "signature" ] } ] }, "AuthenticationExtensionsClientOutputs": { "allOf": [ { "type": "object", "description": "This is the response of extension inputs. For every input,\nan output must be returned if the input was considered.\n\n", "properties": { "appidExclude": { "type": "boolean", "nullable": true, "description": "Response of `appidExclude` extension.\nSee [AuthenticationExtensionsClientInputs::appid_exclude]." }, "appid": { "type": "boolean", "nullable": true, "description": "Response of `appid` extension.\nSee [AuthenticationExtensionsClientInputs::appid]." } } } ] }, "PrincipalUserViaApp": { "allOf": [ { "type": "object", "description": "UserViaApp signifies a user authorizing some app to act on its behalf through OAuth.", "properties": { "user_id": { "type": "string", "format": "uuid" }, "scopes": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/OauthScope" } } }, "required": [ "user_id", "scopes" ] } ] }, "OauthScope": { "description": "OAuth scope.", "type": "string", "enum": [ "app", "openid", "email", "profile" ] } } } } ````