> ## Documentation Index > Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt > Use this file to discover all available pages before exploring further. # Approve an admin action request > Approves a pending admin action request. The reviewer cannot be the same user who submitted the request. ## OpenAPI ````yaml https://app.dynamic.xyz/api-docs/public-api.yaml post /organizations/{organizationId}/adminActions/{adminActionRequestId}/approve openapi: 3.0.1 info: title: Dashboard API description: Dashboard API documentation version: 1.0.0 servers: - url: https://app.dynamicauth.com/api/v0 - url: https://app.dynamic.xyz/api/v0 - url: http://localhost:3333/api/v0 security: [] tags: - name: Analytics description: Query usage analytics and event counts for your environment. - name: SDK description: SDK-facing endpoints consumed by embedded Dynamic clients. - name: Organizations description: >- Manage organizations — the top-level container for all environments and projects. - name: Projects description: Manage projects that group related environments under an organization. - name: Environments description: >- Manage environments (live and sandbox) where your authentication configuration lives. - name: Users description: List, search, and manage authenticated users within an environment. - name: Invites description: >- Manage invitation links that grant specific external users access to your environment. - name: Tokens description: >- Create and manage API tokens used to authenticate requests to the Dynamic API. - name: Origins description: >- Configure allowed origins (CORS) for SDK and API access to your environment. - name: Allowlists description: >- Manage allowlists to control which wallet addresses or email addresses can access your environment. - name: Wallets description: View and manage wallets linked to users in your environment. - name: Members description: Manage team members and their roles within an organization. - name: Sessions description: View and revoke active user sessions within an environment. - name: Settings description: Read and update environment-level configuration settings. - name: Exchanges description: >- Configure exchange integrations (Coinbase, Binance, etc.) for fiat on-ramp within your environment. - name: Providers description: >- List, enable, disable, and configure authentication providers (OAuth, email, wallet, SMS, etc.) for your environment. - name: Captcha description: >- Configure captcha verification (provider, site key, secret key) for your environment. - name: Gates description: >- Define access gates that restrict environment entry to users who meet specific criteria. - name: Chains description: >- Manage the blockchain networks available for wallet connection in your environment. - name: Exports description: Export user and wallet data from your environment as downloadable files. - name: Events description: Browse the event log of actions performed within your environment. - name: Webhooks description: >- Create and manage webhooks to receive real-time events (user.created, wallet.linked, etc.) at your endpoint. - name: Custom Fields description: >- Define and manage custom metadata fields collected from users at sign-up or login. - name: MfaSettings description: >- Configure multi-factor authentication (MFA) policies for your organization. - name: Mfa description: Manage MFA enrollment and verification for individual users. - name: CustomHostnames description: >- Configure custom hostnames for white-labeling the Dynamic authentication experience. - name: TestAccount description: >- Manage test accounts used for automated testing and QA within an environment. - name: NameServices description: >- Configure name service integrations (ENS, Unstoppable Domains, etc.) for human-readable wallet addresses. - name: GlobalWallets description: >- Manage global wallets shared across multiple environments in an organization. - name: GlobalWalletConnections description: Configure which environments can access and use global wallets. - name: GlobalWalletAccessControl description: Control which users and roles can access and operate global wallets. - name: UserApiTokens description: >- Create and manage user-scoped API tokens for programmatic access on behalf of a user. - name: Waas description: Wallet-as-a-Service endpoints for creating and managing embedded wallets. - name: WalletConnect description: Configure WalletConnect integration settings for your environment. - name: Checkout description: >- Accept crypto payments and deposits from any wallet. Settle in any token you choose. - name: Flow description: >- Accept crypto payments, deposits, and withdrawals. Amount and destination are fixed server-side at create; the post-create lifecycle is driven with a capability session token. - name: Custom Networks description: >- Add and manage custom EVM-compatible networks beyond the built-in chain list. - name: Chainalysis description: >- Configure Chainalysis integration for blockchain address screening and risk assessment. - name: Visits description: Track and query user visit activity within your environment. - name: ExternalJwt description: >- Configure external JWT providers so existing auth tokens can be used with Dynamic. - name: SDK Views description: >- Manage SDK view configurations that customize the appearance of Dynamic modals and flows. - name: DeeplinkUrls description: Configure deep link URLs for mobile app integration with the Dynamic SDK. - name: OrganizationSettings description: >- Read and update organization-level settings such as approval workflow configuration. - name: AdminActions description: >- Manage admin action requests that require approval from another administrator. - name: ClientGrant description: | OAuth 2.0 Device Authorization Grant flow (RFC 8628) used by first-party Dynamic clients (CLI, MCP server, demo apps, IDE plugins) to obtain a revocable, 30-day client JWT without ever seeing the user's dashboard session token. - name: AuthorizedClients description: | Manage first-party clients (CLI / MCP / demo / IDE plugins) authorized to act as a dashboard user. Surfaced under Profile → Authorized Clients. paths: /organizations/{organizationId}/adminActions/{adminActionRequestId}/approve: post: tags: - AdminActions summary: Approve an admin action request description: >- Approves a pending admin action request. The reviewer cannot be the same user who submitted the request. operationId: approveAdminActionRequest parameters: - $ref: '#/components/parameters/organizationId' - in: path name: adminActionRequestId required: true schema: type: string format: uuid requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/AdminActionReviewRequest' responses: '200': description: Action request approved and executed content: application/json: schema: $ref: '#/components/schemas/AdminActionRequestResponse' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '409': $ref: '#/components/responses/Conflict' '500': $ref: '#/components/responses/InternalServerError' security: - bearerAuth: [] components: parameters: organizationId: in: path name: organizationId required: true description: ID of organization schema: $ref: '#/components/schemas/uuid' schemas: AdminActionReviewRequest: description: Request body for approving or denying an action request. type: object properties: note: description: Optional note explaining the decision. Shown to the submitter. type: string maxLength: 1000 AdminActionRequestResponse: description: >- Wrapper response for a single action request, returned by get/approve/deny endpoints. type: object required: - actionRequest properties: actionRequest: $ref: '#/components/schemas/AdminActionRequest' message: description: >- Human-readable message, e.g. "This action requires approval from another admin." type: string uuid: type: string pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ minLength: 36 maxLength: 36 example: 95b11417-f18f-457f-8804-68e361f9164f AdminActionRequest: description: >- An admin action that may require approval before execution. When approval mode is enabled, sensitive actions create a pending request. When disabled, actions are auto-approved with an audit record. type: object required: - id - organizationId - submittedById - status - actionType - displayName - category - actionPayload - requiredApprovals - currentApprovals - expiresAt - createdAt properties: id: type: string format: uuid organizationId: description: The organization this action belongs to. type: string format: uuid environmentId: description: The environment this action targets. Null for org-level actions. type: string format: uuid nullable: true submittedById: description: The admin who initiated this action. type: string format: uuid submittedBy: $ref: '#/components/schemas/AdminActionRequestUser' responses: description: >- Review responses from admins, one row per reviewer per request. Under quorum, multiple approve responses may accumulate before the request reaches requiredApprovals and transitions to approved. type: array items: $ref: '#/components/schemas/AdminActionResponseItem' status: $ref: '#/components/schemas/AdminActionRequestStatus' actionType: $ref: '#/components/schemas/AdminActionType' displayName: description: >- Human-readable action label shown in the Activity Queue, e.g. "Reset MFA for alice@example.com" or "Environment Lock". type: string category: description: >- Grouping label for the Activity Queue table, e.g. "Security" or "User Management". type: string targetEntityType: description: >- The type of entity this action targets, e.g. "user" or "provider". Null for settings changes. type: string nullable: true targetEntityId: description: The ID of the target entity. Null for settings changes. type: string format: uuid nullable: true previousState: description: >- State before the change. Shape varies by actionType. Used for display and conflict detection. type: object nullable: true actionPayload: description: >- What to apply when approved. Shape varies by actionType — for settings_change includes fullSettingsSnapshot, for reset_user_mfa includes userId and resetAll flag, for delete_user includes userId and email. type: object requiredApprovals: description: >- Number of distinct admin approvals needed to execute this request, snapshotted from the organization settings at creation time. Subsequent changes to the org setting do not affect in-flight requests. type: integer currentApprovals: description: >- Number of approvals received so far. The request transitions to approved when this reaches requiredApprovals. A single deny at any point transitions the request to denied regardless of this counter. type: integer expiresAt: description: >- When this request expires if still pending. Calculated as createdAt + TTL hours. type: string format: date-time resolvedAt: description: >- When the request was approved, denied, or expired. Null while pending. type: string format: date-time nullable: true createdAt: type: string format: date-time Unauthorized: type: object properties: error: description: Human-readable error message describing the authentication failure type: string example: No jwt provided! Forbidden: type: object properties: error: description: Human-readable error message type: string example: Access Forbidden NotFound: type: object required: - error - code properties: error: description: Human-readable error message type: string example: Not Found code: description: Machine-readable error code type: string example: not_found Conflict: type: object properties: error: description: Human-readable error message type: string example: 'Conflict: invalid state transition' InternalServerError: type: object properties: error: description: Human-readable error message type: string example: Internal Server Error AdminActionRequestUser: description: Minimal user info embedded in action request and response objects. type: object required: - id - email properties: id: type: string format: uuid email: type: string name: description: Display name, if available. type: string AdminActionResponseItem: description: >- A single review response from an admin. One row per reviewer per request, stored in a separate table to support future quorum (multiple reviewers). type: object required: - id - actionRequestId - reviewerId - decision - createdAt properties: id: type: string format: uuid actionRequestId: description: The action request this response belongs to. type: string format: uuid reviewerId: description: The admin who submitted this review. type: string format: uuid reviewer: $ref: '#/components/schemas/AdminActionRequestUser' decision: $ref: '#/components/schemas/AdminActionResponseDecision' note: description: Optional note from the reviewer explaining their decision. type: string nullable: true createdAt: type: string format: date-time AdminActionRequestStatus: description: The lifecycle status of an admin action request. type: string enum: - pending - approved - denied - expired - auto_approved AdminActionType: description: >- The type of admin action. Determines how the action payload is interpreted and executed. type: string enum: - settings_change - reset_user_mfa - delete_user AdminActionResponseDecision: description: The reviewer's decision on an action request. type: string enum: - approved - denied responses: Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Unauthorized' Forbidden: description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Forbidden' NotFound: description: Not Found content: application/json: schema: $ref: '#/components/schemas/NotFound' Conflict: description: Conflict content: application/json: schema: $ref: '#/components/schemas/Conflict' InternalServerError: description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/InternalServerError' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT ````