NORNR mark NORNR Mandates, approvals and evidence for autonomous agents.
Control room

Guide / Vendor actions

9 minutes

How to add human approval before an agent hits a vendor API

Pause agent-driven vendor API calls for human approval when they cross a risk or spend threshold.

Updated March 17, 2026
Pattern Vendor actions
Outcome Policy returns approved, queued or rejected before spend moves.
You will add
  • a clean approval threshold before external vendor calls
  • a queue state for operator review
  • a safer default than direct autonomous vendor execution
Best for
  • agents that can trigger paid vendor actions
  • teams rolling out vendor automation cautiously
  • operators who need exception review

1. Why this guide matters

Vendor APIs often look like normal tool calls in development and like procurement risk in production. The safest pattern is to pause only the calls that cross a threshold.

NORNR gives you that pause point without forcing every request through a human.

2. Install what you need

bash 
npm install @nornr/sdk

This guide uses the hosted NORNR path at https://nornr.com, so you can validate the decision flow without standing up the full local stack first.

3. Create the governed wallet

typescript 
import { Wallet } from "@nornr/sdk";

const wallet = await Wallet.create({
  owner: "vendor-agent",
  dailyLimit: 100,
  requireApprovalAbove: 50,
  baseUrl: "https://nornr.com",
});

This wallet is the mandate. It sets the budget and review threshold before the framework-specific workflow is allowed to continue.

4. Apply it in the workflow

typescript 
const decision = await wallet.pay({
  amount: 61,
  to: "vendor-api",
  purpose: "external vendor action",
});

if (decision.status === "approved") {
  await fetch("https://vendor.example.com/orders", { method: "POST" });
} else if (decision.requiresApproval) {
  console.log("Hold for operator approval", decision);
} else {
  console.log("Blocked by policy", decision);
}

The key pattern stays the same across frameworks: ask NORNR for a decision first, then let the expensive or externally billable step run only if policy says yes.

5. What to expect

  • approved means the workflow can continue immediately inside its mandate.
  • queued means the request crossed an approval threshold and should wait for review.
  • rejected means policy did not allow the action to proceed.

That three-way split is what makes the pattern useful: low-risk work stays fast, higher-risk work becomes reviewable, and clearly out-of-policy work never leaves the workflow.

6. Where to go next

Related guides

Keep going from the same control problem.

These are the closest follow-up guides in the same part of the library.

LangChain / 10 minutes

How to give your LangChain agent a budget in 10 minutes

Add a governed wallet, budget threshold and decision handling to a LangChain workflow with NORNR in 10 minutes.

Read guide OpenAI Agents SDK / 10 minutes

How to add approval rules to an OpenAI Agents SDK workflow

Add approval thresholds to an OpenAI Agents SDK workflow so expensive or risky steps pause before money moves.

Read guide LangGraph / 12 minutes

How to gate paid tool calls in LangGraph

Gate paid LangGraph tool calls with NORNR so graph edges only reach expensive actions after policy says yes.

Read guide

Next move

Prove the path, then wire it into your real workflow.

Start with the hosted quickstart if you want the fastest confirmation, or open the control room to see how approvals and evidence behave in the live operator surface.

Start in 5 minutes Open control room Back to guides