Skip to content
Orvanta Docs

ConsentGate

ConsentGate is Orvanta’s built-in human-in-the-loop mechanism. It pauses a workflow run at a designated node and waits for an authorised person to review the context and either approve or reject the continuation.

Why ConsentGate?

Section titled “Why ConsentGate?”

Automation is powerful — but some operations are irreversible, high-risk, or require human judgement. ConsentGate gives you a safe checkpoint without breaking the automation flow:

  • Deleting production data
  • Sending bulk communications
  • Deploying to a critical environment
  • Initiating financial transactions
  • Approving an AI agent’s proposed action

How it works

Section titled “How it works”
  1. The workflow runs normally until it hits a ConsentGate node.
  2. The run transitions to awaiting_approval and execution pauses.
  3. Designated approvers receive a notification (email, Slack, or webhook).
  4. An approver opens the approval UI, reviews the run context, and clicks Approve or Reject.
  5. If approved, the workflow continues from the next node.
  6. If rejected, the run transitions to failed (with a rejection reason attached to the context).

Configuring a ConsentGate node

Section titled “Configuring a ConsentGate node”

In the workflow editor, add a ConsentGate node and configure:

FieldDescription
ApproversOne or more users or roles who can approve this gate.
TimeoutHow long to wait before auto-rejecting (optional).
Notification channelEmail, Slack, or webhook.
Message templateCustom message shown to the approver; can reference context values.

Example message template

Section titled “Example message template”
Workflow: {{ workflow.name }}
Triggered by: {{ run.triggered_by }}


The following action is about to be taken:
- Delete customer: {{ context.customer_id }}
- Record count: {{ context.record_count }}


Please review and approve or reject.

Programmatic approval

Section titled “Programmatic approval”

Approvals can also be submitted via the REST API, enabling programmatic approval workflows (e.g., from a custom internal tool):

POST /api/v1/runs/{run_id}/consent
Authorization: Bearer <token>
Content-Type: application/json


{
  "decision": "approved",
  "reason": "Reviewed and confirmed by on-call engineer"
}
Section titled “Related”
  • Runs — Run lifecycle and the awaiting_approval state.
  • Workflows — Node types and workflow structure.
  • API Reference — Full API reference including the consent endpoint.