The moment somebody must say yes.

The consent layer for every privileged action.

Nuvouch is human-in-the-loop consent infrastructure: one trusted app for people who approve, one integrator surface for teams that need a signed decision back. Doors, agents, payments, and every other privileged action—same flow.

1 trusted app for users
1 API for integrators
places to say yes
Nuvouch
ACME · Treasury automation · HIGH
Authorize $4,820 wire

Recipient: Vendora Ltd · IBAN ••• 4471

SCOPE verified ✓
single transaction · expires in 58s
01 DOORS · 02 AGENTS · 03 WIRES · 04 VISITORS · 05 TOOL-CALLS · 06 SMART LOCKS · 07 PRIVILEGED OPS · 08 GUEST WI-FI · 09 BOOKINGS · 10 PAYMENTS · 11 IoT CONTROL · 12 AI WORKFLOWS

01 — Problem

Approval today is a mess.

Fragmented for users. Reinvented by every builder. Weak where it should be strongest—and agents are about to multiply the volume.

  • 12 vendor apps · one per venue
  • SMS code at 2am · is this real?
  • Email link · expired, again
  • Slack DM · /approve yes
  • Phone call · say your DOB
  • "Click yes" · from an agent
  • Magic link · in three tabs
  • Push from ??? · no context

FOR USERS

One inbox. One trust surface. One biometric pattern. One audit history.

FOR BUILDERS

One API to request consent. One signed callback for the outcome.

FOR THE AGENT ERA

A standard place to pause a workflow and get a fast, human-grade decision.

02 — Lifecycle

The consent ceremony, in five steps.

A challenge-response system, not a notification feed. Server-created, device-resolved, biometrically-confirmed, signed and audited.

  1. Integrator creates request

    Signed payload: action, scope, target subject, expiry, risk tier.

  2. Nuvouch resolves user + device

    Maps your subjectId → trusted, registered device session.

  3. Context-rich prompt delivered

    Push and in-app realtime to the user’s universal inbox—who, what, why, scope.

  4. Approve or deny on device

    Biometric confirmation. Action-bound signing. App Attest where required.

  5. Decision recorded + returned

    Verifiable record. Signed webhook callback. Full audit timeline.

03 — Surfaces

Wherever a real human must say yes.

One app. One trust surface. One biometric pattern. One audit history — across every venue, vendor, and agent in your life.

PHYSICAL

Doors, visitors, spaces.

Buildings, co-working guest access, smart locks, visitor management. The bouncer in everyone’s pocket—without another vendor app.

  • HQ entry
  • Guest passes
  • Smart locks
  • Asset rooms
AGENTS

AI actions, supervised.

Pause an agent's workflow for one human tap. Purchases, bookings, tool calls, privileged operations — all scoped, time-boxed, signed.

  • Tool calls
  • Wires & cards
  • Booking & travel
  • Privileged ops
DIGITAL

Sensitive everything else.

Guest Wi-Fi, IoT control, remote sensitive operations, customer-support overrides — anything where SMS or email is too weak.

  • Guest Wi-Fi
  • IoT control
  • Support overrides
  • Remote ops
04 — Platform

Five layers. One integration.

You would otherwise rebuild every one of these in-house: approval UX, push, audit, device trust, rules. Nuvouch ships them as one platform.

L1
Integrator platform

Public API, webhooks, credentials, tenants/environments, delivery & callback contracts.

L2
Approval engine

Create/validate, state machine, expiry, approve/deny, rules — the consent core.

L3
Delivery layer

Push, in-app realtime, retries & fallbacks, device targeting.

L4
User trust layer

Sign-in, device registration, biometrics, notification preferences, smart rules.

L5
Audit & compliance

Request log, decision timeline, callback log, policy & rule history.

05 — Developers

Easier than building it in-house. By a lot.

Create an approval request over HTTP, then wait for a signed webhook when the user decides. Link your subjectId to a person once (QR or short code), then target them with targetSubject: { subjectId }—not raw Nuvouch user ids.

  • Signed integrator requests · expiry · nonce semantics
  • Trusted device registration · proof-of-possession
  • Action-bound approval signing · App Attest in production
  • Webhook callbacks · signed · dedupe headers
  • Full audit trails · integrator identity kept separate from end users
POST /v1/integrator/approval-requests
200 OK · 142ms
await fetch(`${NUVOUCH_BASE}/v1/integrator/approval-requests`, {
  method: "POST",
  headers: {
    "x-api-key": apiKey,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    targetSubject: {
      subjectId: "cus_8af21",
      contextKey: "merchant:acct_live_001",
    },
    externalRequestId: "checkout:wire_4820",
    title: "Authorize $4,820 wire",
    summary: "Recipient: Vendora Ltd · IBAN ••• 4471",
    requestedFor: "Treasury · outbound wires",
    actor: {
      id: "wf-treasury",
      name: "Treasury",
      subtitle: "Policy payout queue",
      avatarLabel: "TR",
    },
    context: {
      kind: "digital-service",
      title: "Wire authorization",
      reason: "Over same-day auto-approval limit",
      expiresAt: "2026-04-19T15:00:00.000Z",
      referenceCode: "wire_4820",
    },
    risk: {
      level: "high",
      summary: "New beneficiary + high value",
      checks: ["iban_verified"],
    },
  }),
});

// → push to the user’s device · signed webhook on approve/deny

{ "approvalRequest": { "id": "req_01HZ…", "status": "pending",
  "context": { "expiresAt": "2026-04-19T15:00:00.000Z" } } }
06 — Trust

A challenge, not a notification.

Every request is server-created and server-resolved. The user's device proves possession. The decision is recorded with cryptographic certainty — and returned to you with a signed callback you can verify and dedupe.

  • Replay protection: Nonce + expiry
  • Identity separation: Integrator ≠ end-user
  • Push tokens: Bound to identity
  • High-risk policy: Attestation required
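
An added example (not Nuvouch's code or its documented contract) of the integrator-side checks that a signed, deduplicated callback with nonce + expiry semantics implies: verify an Ed25519 signature over the raw body, reject stale timestamps, and drop repeated delivery ids. The header names, signing-input layout, 5-minute window and payload fields are assumptions made for illustration, and a locally generated key pair stands in for the platform's signing key.

```javascript
const crypto = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window
const seen = new Map();            // delivery id -> time after which it can be forgotten

// Bytes covered by the signature: id, timestamp and the exact raw body (assumed layout).
const signingInput = (id, ts, rawBody) =>
  Buffer.concat([Buffer.from(`${id}.${ts}.`), rawBody]);

function verifyCallback({ headers, rawBody }, publicKey, now = Date.now()) {
  const id = headers["x-delivery-id"];        // hypothetical dedupe header
  const ts = Number(headers["x-timestamp"]);  // hypothetical, ms since epoch
  const sig = headers["x-signature"];         // hypothetical, base64 Ed25519 signature
  if (!id || !sig || !Number.isFinite(ts)) return { ok: false, reason: "missing-headers" };
  if (Math.abs(now - ts) > MAX_SKEW_MS) return { ok: false, reason: "stale" };

  let valid = false;
  try {
    valid = crypto.verify(null, signingInput(id, ts, rawBody), publicKey, Buffer.from(sig, "base64"));
  } catch { /* malformed signature or key: treat as invalid */ }
  if (!valid) return { ok: false, reason: "bad-signature" };

  // Dedupe only after the signature verifies, so forged ids cannot fill the cache.
  for (const [k, exp] of seen) if (exp < now) seen.delete(k);
  if (seen.has(id)) return { ok: false, reason: "duplicate" };
  seen.set(id, ts + MAX_SKEW_MS); // after this instant the freshness check rejects it anyway
  return { ok: true, event: JSON.parse(rawBody.toString("utf8")) };
}

// Constructed demo: sample deliveries signed with a locally generated key pair.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const now = Date.parse("2026-04-19T14:02:11.092Z"); // constructed clock value
  const body = (decision) =>
    Buffer.from(JSON.stringify({ externalRequestId: "checkout:wire_4820", decision }));
  const deliver = (id, ts, sent, signed = sent) => ({
    rawBody: sent,
    headers: {
      "x-delivery-id": id,
      "x-timestamp": String(ts),
      "x-signature": crypto.sign(null, signingInput(id, ts, signed), privateKey).toString("base64"),
    },
  });
  const good = deliver("dlv_1", now, body("approved"));
  return {
    first: verifyCallback(good, publicKey, now),
    replay: verifyCallback(good, publicKey, now + 1000),
    tampered: verifyCallback(deliver("dlv_2", now, body("approved"), body("denied")), publicKey, now),
    stale: verifyCallback(deliver("dlv_3", now - 10 * 60 * 1000, body("approved")), publicKey, now),
  };
}
```

In a multi-instance deployment the `seen` map would live in a shared store, and the privileged action should run only when `ok` is true and the event matches a request the integrator actually created.
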
Trust tiers
T0
Unverified

Channel exists. Not used for real approvals.

T1
Key-proof verified

Device key proven. Ordinary approvals.

T2
Platform-attested

App Attest / Play Integrity. High-risk allowed.

T3
Fresh + bound

Action-bound signing with freshness. Wires, doors, agents.

Audit timeline · req_01HZ8K…
  1. 14:02:09.112  request.created  ACME · Treasury automation
  2. 14:02:09.184  delivery.push    ios · device_82af
  3. 14:02:10.601  user.viewed      context shown
  4. 14:02:11.044  user.approved    biometric · attested (iOS)
  5. 14:02:11.092  callback.signed  ed25519 → acme.dev
07 — Begin

Integrate once. Approve forever.

  • 1 SDK · create + listen
  • 1 webhook · signed + deduped
  • 1 inbox · for every user