Skip to content
Select themeSelect language

`GET /api/workflows/pending-approvals` — the human gates `waiting` on the caller across their own workflows (user-scoped, oldest first). Backs the Web-CLI `approvals` list — the same view the chat `/approvals` renders. Read-only; the decision flows through `decide_pending_approval` below.

GET
/api/workflows/pending-approvals
curl --request GET \
--url https://example.com/api/workflows/pending-approvals
Media typeapplication/json
Array<object>

GET /api/workflows/pending-approvals row — one human gate waiting on the caller. The user-scoped approvals view the chat surfaces and the Web-CLI share: a serializable projection of services::workflows::PendingApproval, keyed by workflow_run_id (the id the decide-by-run endpoint takes — at most one human node waits per run, so the run id alone resolves the gate).

object
deadline_at
string | null format: date-time
instructions
required
string
title
required
string
waiting_since
required
string format: date-time
workflow_name
required
string
workflow_run_id
required
string format: uuid
Examplegenerated
[
{
"deadline_at": "2026-04-15T12:00:00Z",
"instructions": "example",
"title": "example",
"waiting_since": "2026-04-15T12:00:00Z",
"workflow_name": "example",
"workflow_run_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}
]

Authentication required

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Permission denied

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Structured server error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}