Authorization infrastructure for AI actions

Prevent AI workflows from making uncontrolled operational changes.

APPROVEDREJECTEDREVIEW_REQUIRED

One verify call returns APPROVED · REJECTED · REVIEW_REQUIRED

Pause risky actions before CRM, payments, or records change.

Add once in your n8n template—every client workflow inherits the verify step.

Agencies use BiDigest to make AI workflows easier to approve internally and safer to deploy to clients.

Add approval checks to AI workflows in minutes
Human review for risky actions
Execution receipts with receipt_id for every verify call

Protect your first workflow See protected workflows Try a live verify

Partner intake — API key in minutes

What changes for your agency

Ship faster with reusable approval infrastructure—better client conversations, not another compliance workshop.

Before	With BiDigest
“Trust us, the AI usually behaves.”	Every action returns a receipt and an approval verdict.
Clients fear autonomous workflows	Clients see approval controls and human review paths
Rebuild approval logic per client	Same verify call reused in every client template
Harder enterprise security conversations	Clearer security and operations story for procurement
Ambiguous blame after incidents	Execution receipts with timestamps and receipt_id

See it on a real workflow

Real n8n capture: verify every path, branch on the verdict, log an execution receipt before CRM or payment tools run.

Real workflow · n8n

Loading workflow preview…

What happens on REVIEW_REQUIRED?

Human-in-the-loop by verdict—your workflow pauses until a human decides, same pattern agencies already use for refunds and CRM writes.

REVIEW_REQUIRED is the operational pause between AI autonomy and human accountability—not a blended trust score.

REVIEW_REQUIRED
Verify returns a verdict + receipt_id; downstream steps wait.
Notify your team
Webhook, email, or agency console—wire the channel you already use.
Human approves
Operator reviews context; approves or rejects in your tool of record.
Workflow resumes
Continue the automation with the receipt on file for the client.

Start with one protected workflow

Price by protected workflows and verify volume. Add approval infrastructure to automations—not seat licenses or observability dashboards.

Starter

Free

Solo builders and first client demos

1 protected workflow
Low verify volume
Execution receipts + REVIEW_REQUIRED branching
Simulator access

Start with protected refund template

Team

From $99/mo

n8n / Make agencies shipping client automations

Multiple protected workflows
Higher verify volume band
Review-required gating before Stripe / CRM
Receipt logging on every path

Open agency console

Growth

From $500/mo

Agencies with reusable templates across many clients

Template library + audit exports (roadmap)
Shared receipt management
Priority support

Talk to us

Regulated enterprise deployments use scoped authorization architecture—not self-serve checkout. Scoped authorization assessment

How it works

1
Your AI workflow proposes an action
Refund, CRM update, payment, claim, or copilot step—whatever you already automate.
2
BiDigest returns a verdict
APPROVED, REJECTED, or REVIEW_REQUIRED in one HTTP call—before money, records, or approvals change.
3
You store the execution receipt
Verification receipts for clients, disputes, and enterprise onboarding—log receipt_id in every run.

5-minute integration

Copy, paste, verify—then reuse the same verify call in every client template. Not per-client consulting—reusable infrastructure.

[COMING SOON] Typed npm SDK for agencies. Today: copy fetch or curl below (works with any stack).

const res = await fetch('https://bidigest.com/api/v1/admissibility/verify', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.BIDIGEST_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    jurisdiction: { regionCode: 'us-fed', industrySector: 'financial' },
    intent: {
      agentId: 'agency-agent:client-acme',
      actionType: 'refund_approval',
      proposedPayload: { action: 'refund_approval', amount: 500, clientId: 'client-acme' },
    },
    sessionContext: {
      sessionId: 'session-acme-refund-001',
      userId: 'support_agent',
      sessionStartTime: new Date().toISOString(),
    },
    groundTruthBinding: {
      domain: 'agency-automation-demo.bidigest.com',
      regulatoryId: 'AGENCY_AUTOMATION_DEMO_V0',
    },
  }),
});
const data = await res.json();
// Map API response → agency verdict (see /partners/ai-automation/recipes)

Full HTTP recipes for n8n, Make, and Zapier

Works inside workflows built with

HTTP Request, webhook, or REST only—no native n8n/Make/Zapier marketplace apps yet. Open Integration recipes for copy-paste curl.

n8n
Make
Zapier
OpenAI Agents
LangChain
CrewAI
Flowise
Langflow
Retool
HubSpot
Salesforce

Learn the operational model

Verdict reference & topology

AI agent

BiDigest verify

APPROVEDREJECTEDREVIEW_REQUIRED

CRM · payments · ERP

Returns exactly one verdict per call.

Inline authorization check

Verify the proposed action before CRM, billing, or payments change—then branch on a single verdict.

[ AI Agent Proposes Action ]
             ↓
[ BiDigest verify API ]
             ↓
     One verdict per verify call
             ↓
┌───────────────┬────────────────┬───────────────────┐
│  APPROVED     │   REJECTED     │  REVIEW_REQUIRED  │
└───────┬───────┴────────┬───────┴─────────┬─────────┘
        │                │                 │
   (executes route)  (hard stop)     (pauses canvas)
        │                │                 │
        └────────────────┴─────────────────┘
                         ↓
           [ Receipt logged · receipt_id ]

Developer path: POST /api/v1/admissibility/verify — copy-paste recipes on this site.

Examples: AI actions → verdicts

Train clients to think in operational authorization—not chatbot moderation.

Monitoring is not authorization.

AI action	Verdict
Approve $5,000 refund	REVIEW_REQUIRED
Delete CRM contact	REJECTED
Read FAQ / low-risk lookup	APPROVED
Trigger invoice payment	REVIEW_REQUIRED
Escalate support ticket with billing change	REVIEW_REQUIRED

Why AI workflows now require authorization

Why agencies are adding approval infrastructure

AI workflows are moving from generating text to changing records, approving payments, and triggering operational actions.

Clients increasingly ask: “What controls the action?” Agencies that ship authorization look responsible—not reckless.

Monitoring after the fact is no longer enough for higher-trust client deals
Shipping without approval infrastructure will eventually look negligent to procurement

Observe → Review → Enforce rollout

Start lightweight

Pick a mode—no policy workshops on day one. Most agencies begin with Observe or Review; add Enforce when clients require hard stops.

APPROVEDREJECTEDREVIEW_REQUIRED

Mode	What happens
ObserveNow	Log receipts only
ReviewNow	Pause risky actions
EnforceOpt-in	Stop on REJECTED

More workflow examples

Real agency use cases

Refund approval bots
Auto-approve small refunds; REVIEW_REQUIRED above your threshold.
AI SDR workflows
Gate outbound sends and CRM writes before they hit production.
CRM enrichment agents
Block destructive updates; approve high-impact field changes.
Support escalation agents
Pause ticket actions that need a human sign-off.
Insurance claim review flows
Receipt every decision for regulated client accounts.
Invoice approval agents
Verify payment and billing actions before execution.

Partner onboarding

Get started in under 5 minutes

Trust signals agencies use in decks, workflows, and client QBRs—partner intake unlocks co-branding.

Protected by BiDigestWorkflow trust mark
Approval receipts enabledPer-run proof
Human review enforcedREVIEW_REQUIRED path

Connect, pick a workflow type, copy a recipe, run a live verify—no policy mapping on day one.

1. Protect your first workflow — Partner intake provisions your org and API key. Protect your first workflow
2. Pick a workflow type — Refunds, CRM, claims, payments, or internal ops.
3. Copy an integration — curl, n8n, Make, or TypeScript. Open HTTP recipes
4. Run a live verify — Simulator or your stack—every run returns a verdict + receipt_id. Try a live verify
5. Ship to every client — Add the same verify call to every client template; console shows REVIEW_REQUIRED queue. Agency console

Protected workflow templates

Download n8n JSON from recipes—refund and CRM update agents ship today; more packs follow demand.

Protected Refund Agent (shipped)
Protected CRM Update Agent (shipped)
Protected Invoice Approval Flow
Protected SDR Agent
Protected Claims Review Flow

Agency console

Integration recipes

No marketplace download—use HTTP Request (n8n), Webhook (Make), or POST (Zapier) with the curl body below.

Open full HTTP recipes (curl, n8n, Make)

Starter rules (included)

Defaults ship in code—customize via verifyIntent thresholdRules. No framework workshop required.

Workflow	Default	Outcome
Refund over $500	Human review before bind	REVIEW_REQUIRED
refund_approval / wire_transfer / coverage_change	Always review	REVIEW_REQUIRED
CRM contact delete	Deny in examples	REJECTED
Policy / FAQ lookup	Auto-approve when API allows	APPROVED

Developer docs

n8n · Make · Zapier · LangChain · OpenAI Agents SDK · CrewAI · Flowise · custom backends

Architecture (one call)

AI agent / workflow
    → BiDigest verify API
    → APPROVED | REJECTED | REVIEW_REQUIRED
    → CRM · ERP · payments · claims

Copy-paste examples

Verify from your backend—map to APPROVED, REJECTED, or REVIEW_REQUIRED.

{
  "admissibility_status": "APPROVED",
  "reason_code": "200_ADMITTED",
  "decision_receipt": { "receipt_id": "rcpt_84721…" }
}

Verify endpoint: POST /api/v1/admissibility/verify

[COMING SOON] Typed npm SDK for agencies. Today: copy fetch or curl below (works with any stack).

curl -sS -X POST "https://bidigest.com/api/v1/admissibility/verify" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jurisdiction": { "regionCode": "us-fed", "industrySector": "financial" },
    "intent": {
      "agentId": "agency-agent:client-acme",
      "actionType": "refund_approval",
      "proposedPayload": { "action": "refund_approval", "amount": 500, "clientId": "client-acme" }
    },
    "sessionContext": {
      "sessionId": "session-acme-refund-001",
      "userId": "support_agent",
      "sessionStartTime": "2026-05-17T12:00:00.000Z"
    },
    "groundTruthBinding": {
      "domain": "agency-automation-demo.bidigest.com",
      "regulatoryId": "AGENCY_AUTOMATION_DEMO_V0"
    }
  }'

Demo policy defaults (integrators): agency-automation-demo.bidigest.com · AGENCY_AUTOMATION_DEMO_V0

When the verdict is REVIEW_REQUIRED

Branch on REVIEW_REQUIRED—not only HTTP 403.
Notify a human (Slack, email) with receipt_id.
Continue or stop after human decision.

What BiDigest is not

— Not an LLM vendor or chatbot platform
— Not observability-only or a blended AI safety score
— Not native n8n, Make, or Zapier marketplace connectors (HTTP only today)
— Not day-one governance transformation or policy workshops
— Not kernel or network severance on this page—API verdict branching in your workflow

Enterprise deployments

Same verify API for higher-trust programs—separate enterprise hub for audits and trustee paths (not required for agency HTTP integrations).

Enterprise governance hub · Legacy visibility agency program

What changes for your agency

See it on a real workflow

What happens on REVIEW_REQUIRED?

Start with one protected workflow

How it works

Your AI workflow proposes an action

BiDigest returns a verdict

You store the execution receipt

5-minute integration

Works inside workflows built with

Learn the operational model

Inline authorization check

Examples: AI actions → verdicts

Why agencies are adding approval infrastructure

Start lightweight

Real agency use cases

Refund approval bots

AI SDR workflows

CRM enrichment agents

Support escalation agents

Insurance claim review flows

Invoice approval agents

Get started in under 5 minutes

Protected workflow templates

Starter rules (included)

Developer docs

Architecture (one call)

Copy-paste examples

When the verdict is REVIEW_REQUIRED

What BiDigest is not

Enterprise deployments