Submit Override Decision

curl -X POST http://localhost:8001/overrides/evt-a1b2c3d4-5678-9012-abcd-ef3456789012/decide \
  -H "Content-Type: application/json" \
  -d '{
    "override_jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "decision": "approve",
    "reason": "Verified by security team after manual review"
  }'

{
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "decision": "approve",
  "cosignature": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
}

POST

http://localhost:8001

overrides

{event_id}

decide

curl -X POST http://localhost:8001/overrides/evt-a1b2c3d4-5678-9012-abcd-ef3456789012/decide \
  -H "Content-Type: application/json" \
  -d '{
    "override_jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "decision": "approve",
    "reason": "Verified by security team after manual review"
  }'

{
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "decision": "approve",
  "cosignature": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
}

The auth service is deployed on a private network. All endpoints except /health are internal management-plane operations.

Path Parameters

event_id

string

required

UUID of the event to submit a decision for.

Request Body

override_jti

string

required

JTI of the override token authorizing this decision. The token must be valid, not expired, and not already used.

customer_id

string

required

UUID of the customer that owns the event.

decision

string

required

The decision to submit. Must be one of the allowed_decisions specified when the override token was created (typically approve or reject).

reason

string

Reason for the decision (e.g., Verified by security team after manual review).

Response

event_id

string

The event identifier echoed back.

decision

string

The submitted decision.

cosignature

string

HMAC-SHA256 co-signature attesting to this decision. Computed as HMAC(override_secret, "override|{event_id}|{decision}|{override_jti}").

curl -X POST http://localhost:8001/overrides/evt-a1b2c3d4-5678-9012-abcd-ef3456789012/decide \
  -H "Content-Type: application/json" \
  -d '{
    "override_jti": "f4a5b6c7-d8e9-0123-f012-456789012cde",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "decision": "approve",
    "reason": "Verified by security team after manual review"
  }'

{
  "event_id": "evt-a1b2c3d4-5678-9012-abcd-ef3456789012",
  "decision": "approve",
  "cosignature": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
}

⌘I

Auth Service

Auth Endpoints — Tokens

Auth Endpoints — Keys

Auth Endpoints — Revocation

Auth Endpoints — Webhooks & Overrides

Submit Override Decision

Path Parameters

Request Body

Response

Auth Service

Auth Endpoints — Tokens

Auth Endpoints — Keys

Auth Endpoints — Revocation

Auth Endpoints — Webhooks & Overrides

​Path Parameters

​Request Body

​Response

Path Parameters

Request Body

Response