Approval Workflow
Require external approval before publishing scheduled posts. Perfect for client sign-off, manager review, or compliance checks — the approver doesn't need a PostRite account.
How It Works
The approval workflow adds a review step between scheduling and publishing. When enabled, scheduled posts wait for an external person to approve them before they go live.
Create post
Enable approval & enter reviewer email
Pending
Post enters Pending Approval status
Email sent
Reviewer receives approval request
Reviewed
Reviewer approves or rejects
Scheduled
If approved, post is scheduled
Enabling Approval
- Create or edit a post as usual
- Toggle Require Approval in the post editor
- Enter the approver's email address — this can be anyone (client, manager, colleague), they don't need a PostRite account
- Set your desired schedule date and time
- Click Schedule Post
The post will be saved with Pending Approval status instead of going directly to Scheduled.
Note: The approval toggle is optional. If you don't enable it, posts are scheduled immediately as usual — no workflow change.
The Approver Experience
The person you designate as approver will receive an email with:
- A summary of the post content
- Which platforms it will be published to
- The scheduled date and time
- A preview of attached media (images/videos)
- Your organization name and who created the post
The email contains a secure link that opens a review page where the approver can read the full post and take action:
- Approve — The post moves to Scheduled status and will publish at the planned time
- Reject — The post moves to Rejected status, with an optional note explaining why
Post Statuses
When using the approval workflow, your post will go through these statuses:
| Status | Meaning | What happens next |
|---|---|---|
| Pending Approval | Waiting for the approver to review | Approval email has been sent |
| Scheduled | Approved — will publish at the planned time | Automatic publishing |
| Rejected | Approver declined the post | You can edit and resubmit for approval |
After a Rejection
If your post is rejected, you'll receive an email notification with the approver's feedback (if they provided a note). You can then:
- Open the rejected post
- Review the rejection note
- Edit the content, media, or platforms as needed
- Click Resubmit for Approval to send a new approval request
Each resubmission generates a fresh approval link — previous links are automatically invalidated.
Token Expiration
Approval links expire automatically for security:
- Links expire 72 hours after being sent, or before the scheduled publish time — whichever comes first
- If the link expires without action, the post stays in Pending Approval status and will not publish
- You'll receive a notification if an approval request expires
- You can resend the approval email at any time from the post editor
Notifications
Both the post creator and the approver receive email notifications at key moments:
| Event | Creator notified | Approver notified |
|---|---|---|
| Post submitted for approval | — | Email with review link |
| Post approved | Email confirmation | Confirmation on review page |
| Post rejected | Email with rejection note | Confirmation on review page |
| Approval expired | Email reminder | — |
Security
The approval workflow is designed with security in mind:
- Signed tokens — Approval links use HMAC-signed tokens, not guessable IDs. Only the email recipient can access the review page.
- One-time use — Once approved or rejected, the link is invalidated. Clicking it again shows a "You already responded" message.
- Auto-expiration — Links expire after 72 hours or before the scheduled time, preventing stale approvals.
- No account required — Approvers don't need to create an account or log in, reducing the attack surface.
- Content privacy — The review page shows post content and media previews but does not expose internal URLs or organization data.
- Rate limiting — Approval endpoints are rate-limited to prevent abuse.
Use Cases
- Client approval — Social media agencies can send posts to clients for sign-off before publishing
- Manager review — Team members can route posts to managers for approval
- Compliance — Regulated industries can require legal or compliance review before posting
- Brand consistency — Ensure all content meets brand guidelines before going live
Tip: The approval workflow works great with templates. Create approved templates for recurring content, and only require approval for new or one-off posts.
Frequently Asked Questions
Can I approve my own posts?
Yes. You can enter your own email as the approver. You'll receive the approval email and can approve from there. This is useful for a "review before publish" workflow.
Can I change the approver after submitting?
Yes. Open the post, change the approver email, and click Resend Approval. The previous link is invalidated and a new one is sent to the new email.
What if the approver never responds?
The post stays in Pending Approval status and will not publish. You'll receive an expiration notification after 72 hours. You can then resend the request or remove the approval requirement.
Does the approver see my media files?
Yes, the review page shows image and video previews so the approver can see the complete post. Media is served through secure proxy URLs — original file URLs are never exposed.
Is approval required for all posts?
No. Approval is opt-in per post. You toggle it on only when you need external review. Posts without approval enabled are scheduled immediately as usual.