Approval Flows
An approval flow is a running instance of a governance template. It tracks the state of a review from submission to final decision.
Flow Lifecycle
Section titled “Flow Lifecycle”| State | Transitions To |
|---|---|
| Submitted | In Progress (reviewer assigned) |
| In Progress | Approved, Rejected, or Amendment Required |
| Amendment Required | In Progress (resubmitted) |
| Approved | Complete |
| Rejected | Complete |
How Reviewers Are Selected
Section titled “How Reviewers Are Selected”Templates define reviewer roles — not specific people. When a flow starts, Apiway resolves roles to actual users based on:
- Organisational structure — Team leads, functional area owners
- API ownership — The producing team’s designated reviewers
- Escalation rules — If a reviewer doesn’t respond within a threshold, the flow escalates
Reviewing a Submission
Section titled “Reviewing a Submission”# List pending approvalscurl https://core.api.apiway.net/v1/governance/approvals?status=pending \ -H "Authorization: Bearer $TOKEN"
# Submit a decisioncurl -X POST https://core.api.apiway.net/v1/governance/approvals/{id} \ -H "Authorization: Bearer $TOKEN" \ -d '{ "outcome": "Approved", "comments": "Looks good. Security model is solid." }'Navigate to Governance > Pending Approvals. Each approval card shows the API details, compliance score, and recommendation summary. Click to review the full specification, then approve, reject, or request amendments.
What Reviewers See
Section titled “What Reviewers See”Each approval includes:
- API specification — Full OAS with highlighted changes (for updates)
- Compliance report — Score and individual violations
- Recommendations — Design improvement suggestions
- Governance history — Previous flows for this API
- Submission context — Who submitted, when, and why
Auto-Approval
Section titled “Auto-Approval”For lower-risk scenarios, templates can enable auto-approval. Common configurations:
- Internal APIs in development environments → auto-approved
- APIs with a compliance score above a threshold → auto-approved
- Production deployments → always require manual approval
Flow Visualisation
Section titled “Flow Visualisation”Completed flows include an SVG diagram showing the full approval graph — who was involved, what path the flow took, and the timeline. This is generated at completion and stored as a permanent audit record.
Notifications
Section titled “Notifications”Apiway notifies reviewers and submitters at each state change:
- Reviewer assigned — “You have a new approval waiting”
- Decision made — “Your API was approved/rejected”
- Amendment requested — “Changes are needed before this can proceed”
- Escalation — “This approval has been escalated to you”