# Set up two-party approvals Require two-party approval for certain sensitive actions. Approvals lets admins require a second person to review sensitive actions before they take effect. Rules can apply to human users acting through the Dashboard, CLI, or MCP, and to autonomous agents using [agent-tagged API keys](https://docs.stripe.com/keys.md#agent-keys) through the API, CLI, or MCP. When an action triggers an approval rule, the action is interrupted and an approval request is created. A designated reviewer approves or denies the request. Approved actions are completed automatically; denied actions are discarded with no changes made. ## Supported actions You can require approval for the following actions: - Bank account is added or updated - Bank account is deleted - Admin is invited to account - PaymentIntent is created - Invoice is created - Refund is created - Subscription is created - Subscription is cancelled - Credit note is created - Customer balance transaction is created ## Create an approval rule 1. Go to **Settings** > [Approvals](https://dashboard.stripe.com/settings/approvals/rules). 2. Click **Create rule**, then select the action that triggers the approval. Only team members with the Administrator role may create or edit approval rules. 3. Optionally, click **Add condition** to add one or more trigger conditions. For example, require approval for a refund only if the amount exceeds a threshold. If you add multiple conditions, you can choose whether to combine them with `and` or `or`. To apply approval rules only to agents and not human actions in the Dashboard, set the **Client condition** to `Agent`. 4. Set the control: - **Require approval**: The action is paused until a reviewer approves it. - **Block**: The action is rejected outright. 5. Choose **who can review requests**: individual team members, or all team members with an assigned role, such as Administrator, Analyst, or Support specialist. Only individually assigned team members receive email notifications when an action requires their review. 6. Optionally, define **custom justification instructions** for requesters that appear when they request a sensitive action, so they can submit proper justification. 7. Optionally, enter a **name** for the rule. 8. Click **Activate** to save and enable the rule immediately, or **Save changes** to save it as inactive. You can activate, deactivate, or delete rules at any time from the Approvals settings page. Only one active rule can apply to a given action. ## Handle Dashboard actions that require two-party approval When team members take sensitive actions in the Dashboard subject to your approval rules, Stripe automatically submits an approval request for review. Requesters may optionally add a justification to their request, which appears to the reviewer for additional context along with the details of the request. ## Handle API requests from AI agents that require two-party approval When an agent-tagged API key attempts an action that triggers an approval rule, Stripe blocks the request and returns an `approval_required` error containing a pending `approval_request` object. The agent must decide whether to submit the request for review. ### Receive the error ```bash stripe refunds create \ --charge=ch_1NirD82eZvKYlo2CIvbtLWuY ``` ```json { "error": { "code": "approval_required", "type": "invalid_request_error", "message": "This action requires approval before it can be completed. An approval request (apreq_test_61UTlnIc6qlJSHVBD16TkRqlEkSQ55yeUApuueFJIDCS) has been automatically generated but has not been submitted. To proceed, submit the request for review via POST /v2/core/approval_requests/apreq_test_61UTlnIc6qlJSHVBD16TkRqlEkSQ55yeUApuueFJIDCS/submit — if approved, it will automatically execute.", "approval_request": { "id": "apreq_test_61UTlnIc6qlJSHVBD16TkRqlEkSQ55yeUApuueFJIDCS", "object": "approval_request", "action": "create_refund", "status": "pending", "dashboard_url": "https://dashboard.stripe.com/approval_requests/apreq_test_61UTlnIc6qlJSHVBD16TkRqlEkSQ55yeUApuueFJIDCS", "expires_at": "2026-03-10T19:00:00Z" } } } ``` ### Submit an approval request for review Even though Stripe automatically generates an approval request in the error response, agents must explicitly submit the request for it to be reviewed. Unsubmitted approval requests expire automatically after 24 hours. To submit a request: ```curl curl -X POST https://api.stripe.com/v2/core/approval_requests/apreq_1R4kXn2eZvKYlo2C/submit \ -H "Authorization: Bearer <>" \ -H "Stripe-Version: 2026-06-24.preview" \ --json '{ "reason": "Customer support request for Jenny Rosen" }' ``` > Any authenticated agent-tagged API key can submit an approval request. Submitted requests appear in the Dashboard under **Settings** > **Approvals** > [Requests](https://dashboard.stripe.com/settings/approvals/requests). ## Review approval requests Designated reviewers can approve or deny requests [on the Requests page](https://dashboard.stripe.com/settings/approvals/requests) in the Dashboard. Use the filters to view requests by status, then click a request to view its details and respond. Requests that haven’t been approved within 14 days automatically expire. When a request is approved, the action completes automatically. When a request is denied, no changes are made. A user can’t approve their own request. ## Monitor approval activity Approval events appear in [Security history](https://dashboard.stripe.com/settings/security_history) under **Settings** > **Team and security**. The following events are logged: - Approval rule created, updated, activated, deactivated, or deleted - Approval request created - Approval request approved or denied You can also view API requests where approval was required from [Logs in Workbench](https://dashboard.stripe.com/workbench/logs). Click an API request to view it. ## Webhooks and events Because approval requests are reviewed asynchronously, you might want to create a webhook to listen for an event once an approval request is approved (`v2.core.approval_request.approved`) or rejected (`v2.core.approval_request.rejected`). If you no longer need an approval request to be reviewed, you can cancel it, which generates a `v2.core.approval_request.canceled` event. After approval, requests are auto-executed, and emit either `v2.core.approval_request.succeeded` or `v2.core.approval_request.failed`. ## See also - [API keys](https://docs.stripe.com/keys.md) - [User roles](https://docs.stripe.com/get-started/account/teams/roles.md)