nuvouch
Home
§ Documentation · v1

Introduction

Nuvouch lets your app ask the user “Should this happen?” before any critical action executes.

Getting started Integration guideHTTP API referenceWebhook reference
§ 01 — Quickstart

Quickstart

Integrating Nuvouch follows one simple pattern:

  1. Link the user once if you plan to target approvals by business subject.
  2. Create an approval request from your server.
  3. Wait for the signed callback from Nuvouch.
  4. Execute or block the action based on the user decision.
Minimal integration shape
node sdk
const approval = await client.createApprovalRequest({
  targetSubject: {
    subjectId: "cus_123",
    contextKey: "merchant:acct_live_001",
  },
  externalRequestId: "payment_auth_001",
  title: "Approve payment",
  summary: "Stripe needs the customer to confirm a high-risk payment.",
  requestedFor: "Payment authorization",
  actor: {
    id: "payments_agent_01",
    name: "Stripe Payment Agent",
    subtitle: "Payments risk workflow",
    avatarLabel: "ST",
  },
  context: {
    kind: "digital-service",
    title: "Card payment",
    reason: "High-risk payment requires customer confirmation",
    expiresAt: "2026-04-21T18:00:00.000Z",
    referenceCode: "pi_123",
  },
  risk: {
    level: "high",
    summary: "Customer confirmation required before capture",
  },
  actions: [
    { label: "Approve payment", value: "approve" },
    { label: "Deny payment", value: "deny" },
  ],
  amount: "$84.00",
});

// wait for signed callback
// capture or block based on decision
§ 02 — What it is

What is Nuvouch?

Nuvouch is an approval infrastructure that sits between an action and its execution. It allows integrators like payment platforms, APIs, and services to request user approval before completing sensitive operations. Nuvouch is not the payer, the merchant, or the payment processor in those flows.

§ 03 — When to use it

When should you use Nuvouch?

Use Nuvouch when your system needs to answer:

  • Should this payment really happen?
  • Should this AI agent be allowed to act?
  • Should this request be trusted?
§ 04 — Core concept

Approval before execution

Your system does not blindly execute actions. It asks the user first.

§ 05 — Example

A real example

Imagine a billing agent initiates a charge through Stripe. Instead of capturing the payment immediately, Stripe sends an approval request to Nuvouch.

Nuvouch delivers that request to the user’s trusted device. The user approves or rejects it in real time. Nuvouch then sends a signed callback back to Stripe so the payment can be captured or blocked.

Approval flow
conceptual
AI Agent
  ↓
Stripe (Integrator)
  ↓
Nuvouch (approval request)
  ↓
User Device (approve / deny)
  ↓
Nuvouch (signed callback)
  ↓
Stripe captures or blocks payment
§ 06 — Flow

How Nuvouch works

  1. Action is initiated by an app, API, workflow, or AI agent.
  2. Your backend requests approval by sending the request to Nuvouch.
  3. Nuvouch notifies the user on their trusted device.
  4. The user approves or rejects in real time.
  5. Nuvouch returns the decision using a signed callback.
  6. You execute or block the action based on the callback.

Agent → Stripe → Nuvouch → User → Nuvouch → Stripe

§ 07 — Actors

Who are the actors?

Integrator

Your platform, such as a payment provider, API, or service.

  • Create approval requests.
  • Handle signed callbacks.
  • Execute or block actions.

User

The end user with a Nuvouch account and trusted device.

  • Receive approval requests.
  • Approve or reject actions.
§ 08 — Why Nuvouch

Why Nuvouch?

Without Nuvouch, actions happen automatically, users lose control, and fraud or mistakes become harder to prevent.

With Nuvouch, every sensitive action can be verified before execution, users stay in control, and systems become safer and more reliable.

§ 09 — Why not OTP?

Why not use OTP or 2FA alone?

OTP and traditional 2FA confirm access, but they usually do not describe the exact action being approved. Nuvouch is contextual: the user sees what is about to happen, who initiated it, and can approve or reject it before execution.

§ 10 — Runtime

What if the user does nothing?

Approval requests should be treated as time-bound. If the user does not respond, the request can expire and your system should handle that outcome just like an approval or denial.

  • Show pending state while the request is active.
  • Handle expiry as a terminal outcome.
  • Decide whether to retry, cancel, or ask the user again later.
§ 11 — Integration overview

Integration overview

  1. Create an approval request from your server.
  2. Wait for the signed callback.
  3. Verify the callback.
  4. Execute your business logic only after the verified decision.
§ 12 — Page index

Choose the right page

  • Getting started covers provisioning, callback setup, first-run flow, and the retry contract around externalRequestId.
  • HTTP API reference gives you the raw endpoints, request payloads, response shapes, and stable error codes.
  • Node SDK reference covers the typed client, helper utilities, and server-side callback verification helpers.
  • Webhook reference documents signed delivery verification, deduplication, retry behavior, and lifecycle events.
  • Integration guide walks through the end-to-end payment authorization flow from subject linking to verified execution.
§ Next

Build with approval, not assumptions.

Start with an approval request, verify the signed callback, and make execution conditional on the user decision.

Getting started Integration guideHTTP API reference