
Show HN: ApproveAPI – Real-Time user approvals via email, SMS, and push - cyanflux
https://approveapi.com
======
dosy
I wish I built this. this is a great idea. it's simple and useful it's
something I could have built myself in a couple of weeks and it aggregates a
lot of business useful functionality into one place. I'm putting this in my
list of businesses that are good ideas because they factor out internal
projects repeated across many companies.

Reading the comments here it seems a lot of people are triggered. instead of
acknowledging the idea is good and they wish they had build at themselves,
they are in denial dismissing it's utility by saying it won't work as a
business, or they could build it internally. I say this in the Spirit of a
good hn comment is something we can learn from and I believe people can learn
from examining their own reactions. it seems the denial and dismissal simply
serves to make one feel better about the realisation that they missed the
chance to build this even though they could have and it is a good idea. so
instead of facing that feeling and learning something useful they "alter
reality" by downplaying the idea is good to limit the pain.

my point is that that's not a very useful response because it neutralizes the
opportunity that could be something to learn from. and I guess if you do this
pattern of behaviour enough then, you stop yourself learning many times miss
the chance to create things you want and maybe get addicted to this reaction
of altering reality to feel better rather than learning something to get a
result.

~~~
wjossey
I appreciate your defense of these folks. It’s a kind gesture with great
intent behind it. My response in no way takes away from the spirit of your
post.

I think the core of why people are responding how they are is that there’s not
a big moat here, yet. You mention people being triggered due to missing out on
their opportunity to build it- but in reality someone can just knock these
folks off after a couple of weekends. That’s not to say the tech here
shouldn’t exist, or that this isn’t a business. It is, I’d pay for it, I just
wouldn’t pay for long. That’s ok though, it’s just a specific type of
business.

I hope they stumble across something sticky in their solution that makes them
painful to replicate. These sorts of utilities are always welcome and they
make bootstrapping faster and faster every year.

------
wjossey
Hit y'all up on intercom but leaving my feedback here as well.

I built this out internally for my app, and it took me a little over a day to
do it. Had this existed when I built it out, I absolutely would have just paid
a buck per 100 emails to save myself time; however, I don't think it's a
challenging enough problem on its surface to keep someone from re-writing it
and replacing you long term. All that being said, it's a good foundational
product, and hopefully you'll add some more features that make it sticky /
become aggressive on pricing at scale.

Best of luck!

~~~
everdev
> I don't think it's a challenging enough problem on its surface to keep
> someone from re-writing it and replacing you long term

Agreed, it's nice to get something up and running for a personal project, but
I'm building a commercial app that has to pass a basic security audit and
every 3rd party service adds another attack vector and potential leak of
sensitive data (like name, Email & phone).

I love the idea of being able to run a service like this though that's
basically a set and forget hackathon project.

------
chaosprophet
Wow, $1 for 100 emails is very very very very expensive. So expensive that I'd
opt to build this in house rather and take on the costs associated with it and
still come out saving money.

It's a pretty solid idea otherwise.

~~~
davedx
> I'd opt to build this in house rather and take on the costs associated with
> it and still come out saving money

This seems to be the default position of almost everyone in IT, everywhere I
go. People make this claim without doing any calculations.

I can imagine building this in house would be at least a few weeks of
developer work and some more devops. That's tens of thousands of dollars.
You'd have to send a million emails to break even. How many of this kind of
transactional email do you send per year?

~~~
anitil
It's a crazy calculation. For mass marketing it'd be outrageous. But for
mission-critical business flows? It's a rounding error.

~~~
crsv
Anyone that’s at a scale where this is connected to business certical
workflows is likely equipped to build this in house at a fraction of the cost.
In terms of level of effort, this product itself is a rounding error.

~~~
chii
Let's say there's a need to approve 10 things a week, each needing a 5 person
approvals.

That's $2 per month of cost.

A developer costs $150k a year, and if it takes a month to develop, you could
have the service for some 5000 months.

In-house developers should focus on the business domain, not on custom
building business processes.

~~~
dsl
Go talk to your vendor management team about getting a $2/mo contract signed.
What does support look like because if this goes down at 2 AM, business is
impacted.

Legal needs to review because it is sending employee PII (emails, phone
numbers, etc) to a third party, who now knows the individuals in critical
"approval roles".

Next hit up security and have them do an audit since this is going to be part
of a security control. For bonus points, the internal pentest team finds a
bypass that ApproveAPI needs to fix.

Your $150k a year developer is now spending 3-5 hours a week for 3 weeks
shepherding a vendor onboarding for something they could have built and tested
in a few hours.

~~~
jedberg
Yes but your internal developer still needs to go through legal and security
for the same reasons, as well as the internal pen test. The only thing you get
to skip is vendor management.

And in most cases, vendor management isn't going to get involved for something
that will be expensed on a credit card for $2/mo

------
sanjeevkm
Small Suggestion

In the `POST /prompt` endpoint provide a way to pass metadata that does not
need to be shown to the user, and return that back in the prompt answer object
sent in the webhook/callback.

This is helpful in cases, where I want to send some internal transaction or
event reference codes that will help me to properly co-relate the answer into
my flow.

Best of luck!

~~~
4kevinking
Thanks for the suggestion! This is on our product roadmap.

One way to track users is also to specify approve/reject redirect urls with
random tokens (though we agree that private metadata is more ergonomic in this
case).

------
nickphx
How do you prevent email/web filtering applications that "scan" email/web URLs
from triggering the confirmation/denials?

------
jteppinette
A useful feature for a service like this is being able to set delegates both
from the producer and consumer side. For example, if the person I sent the
notification to doesn’t respond in <time window>, then send a request to this
person (potentially their manager / emergency contact / etc...) . And, as
someone receiving notifications, set another person as my delegate for a
certain time window and for a specific application. This is what we have to
deal with to handle OOO scenarios.

------
hipjiveguy
I think it looks good but needs examples of something other than just "yes/no"
dialogs, or maybe all use cases are boiled down to that?

If not, you should include detailed examples for

"Send magic sign-in links, two-step verification, re-authenticate long-lived
sessions, new device confirmations, verify identity for lost accounts or
customer support."

------
IanCal
Looks good, quick testing seems to suggest it works pretty smoothly.

Small point, I'm not in the US so it'd be good to see the international SMS
prices. There's no link I could see on the main page and the one after signing
in doesn't resolve: [https://dashboard.approveapi.com/full-sms-
pricing](https://dashboard.approveapi.com/full-sms-pricing)

edit -

With customisation, can I put in links? Pictures?

~~~
agrinman
Thanks! Oops, fixing the link now. We simply just pass along our at-cost price
for sending an SMS via Twilio:
[https://www.twilio.com/sms/pricing/us](https://www.twilio.com/sms/pricing/us).

Re: customization, we're quickly adding more customizations like
colors/images, etc. Currently you can add a logo for your company, and
customize all the text on the approval (approve text/reject
text/title/body/etc). You can also specify redirect on {approve, reject} links
to take the user somewhere after they answer the prompt.

~~~
IanCal
Thanks! Bear in mind this is coming from a likely extremely low use user, but
supporting links in the text that's sent may solve most problems other
customisation would be used for when it comes to content (rather than look &
feel).

FWIW, my current use-case I'd like to put in here is that I've got some auto-
generated art based on user inputs that I'll be shipping off. There's some
stuff that could go wrong, so having a final check before the order goes in
would be great.

Currently the workflow would be

Auto generate

I check occasionally, manually set the order to go.

I'd like to change it to

Auto generate -> send me either the picture itself or a link to it, I hit
approve/reject -> order completed automatically

For ~1 cent per order, it's not worth me even getting email alerting setup.

~~~
agrinman
You can put links in the body of the request, most mail clients should render
them without a problem

~~~
IanCal
And there was me trying to be fancy adding in HTML. That works great, I'll
integrate it all tonight, thanks :)

------
timvdalen
Really cool!

Some small feedback:

* The code in the "Test it in the Console" section is missing \'s, so you can't actually copy paste it as is now.

* The demo on the homepage suggests that there's some magic dynamic stuff happening in the email, which makes the actual email a bit of a letdown (though this is understandable)

~~~
4kevinking
Thanks for the feedback! You can copy an escaped version by clicking the icon
in the upper-right.

------
jteppinette
The OpenAPI link is returning a 404. [https://approveapi.com/docs/open-api-
spec-2.0.json](https://approveapi.com/docs/open-api-spec-2.0.json)

~~~
agrinman
Oops that's an outdated link, will fix asap. In the mean-time here is the
spec: [https://github.com/approveapi/openapi-
spec](https://github.com/approveapi/openapi-spec)

------
sshmania
Interesting that you can use this for two-man rule...especially since this api
is real-time. I'm having trouble thinking of scenario where I would use this
feature at my company, but cool nonetheless

~~~
thedangler
two man rule?

~~~
sshmania
On the site it's called multi-person approvals, but this is the other name for
it [https://en.wikipedia.org/wiki/Two-
man_rule](https://en.wikipedia.org/wiki/Two-man_rule)

------
lapnitnelav
"ApproveAPI uses HTTP Basic Authentication where the username is your API key
and the password is blank."

I'm not too fond of the lack of API password tbh. Cool idea otherwise.

------
lfx
Looks cool!

Can this be used for phone number verification? If so how this would work? The
user would get a text with a link? Or shortcode?

~~~
agrinman
Yes! The user would get a text with a link.

------
mjortberg521
The email in the video on the site looks too much like a phishing attempt to
me.

~~~
4kevinking
That's a mocked-up css animation, not a video of the actual email. Feel free
to try the demo in the API dashboard to see the full UX.

------
braindumps
This is neat but I wonder if companies would just build this themselves
instead?

~~~
sshmania
We built some of this functionality internally 6mos ago. Wish I had seen this
then...

~~~
oferzelig
So ship it as a product. Offer competition.

------
RossDM
I like the API documentation formatting; how was this created?

~~~
lfx
It seems it's made with slate ->
[https://github.com/lord/slate](https://github.com/lord/slate)

~~~
RossDM
Nice, thank you!

