Your automation. A human. A callback.

Your workflow creates a task, pauses, routes the decision to a real person, Taskbox sends an HMAC-signed callback when they approve or reject.

Your systemHuman decidesSigned callback

Start free Log in

No credit card required.

Your automation shouldn't ship without a human

Refunds, customer emails, deletions, deploys - some actions are too costly to leave fully automated. Taskbox is the missing approval layer: one API to pause your flow, one UI for the human, one signed callback when they decide.

REST API in

POST a task with title, description, assignees, and a callback URL. Anything that speaks HTTP - agents, n8n, cron, your own services.

Human approves

Route a single task to one or many approvers. First decision wins. Owners manage keys and members; members resolve tasks.

Signed callback out

HMAC-signed POST to your URL when a human decides. Per-key signing secret, at-least-once delivery, retries with backoff, idempotency key on every call.

If it speaks HTTP, it works with Taskbox

Taskbox is a protocol, not a fixed integration list. Anything that can POST a request and receive a webhook fits in - n8n is just one example.

Send tasks from

AI agents (Claude, GPT, custom)

n8n, Zapier, Make

Cron jobs and shell scripts

Backend services (Go, Python, Node…)

GitHub Actions and CI pipelines

Taskbox

Receive callbacks at

Webhook endpoints in any framework

n8n, Zapier, Make webhook nodes

Lambda, Cloud Functions, Workers

Slack and Discord bots

Anything behind a public URL

How it fits in your stack

Step 1
Sign up
Create an account. Create a workspace to manage api keys and members.
Step 2
Generate an API key
Open workspace → API keys. Generate an API key to identify your automation system.
Step 3
POST a task from your automation
From n8n, an agent, a cron job, anything - POST to /api/v1/tasks with a title, assignee emails, and a callback URL.
Step 4
A human decides
Assignees see the task in Taskbox and approve or reject. Taskbox POSTs the HMAC-signed decision to your callback URL.

Try the protocol

YouTaskbox

curl -X POST https://taskbox.dev/api/v1/tasks \
  -H "Authorization: Bearer $TASK_RELAY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Approve refund for order #4821",
    "description": "Customer requested a $240 refund. Policy - $200 without review.",
    "priority": "high",
    "assigned_to_emails": ["[email protected]"],
    "callback_url": "https://n8n.acme.com/webhook/Qmf4ug#Rbt",
    "metadata": {
      "order_id": "4821",
      "customer_email": "[email protected]",
      "amount_usd": 240,
      "reason": "shipping damaged"
    }
  }'

metadata is freeform - pass anything your workflow needs and Taskbox echoes it back on the callback.

TaskboxYou

POST https://n8n.acme.com/webhook/Qmf4ug#Rbt
Content-Type: application/json
X-Signature: sha256=8f3c2bd1a4e7c91f0d6b8e2a5c1d4f7a9b0e3c5d2f8a1b4e7c9d0f3a6b8e2c5d
X-Event-Id: 0193c8e2-7b1a-7b21-9f31-6ad8e72c4f10
User-Agent: taskbox-callback/1

{
  "version": "1",
  "event_id": "0193c8e2-7b1a-7b21-9f31-6ad8e72c4f10",
  "task_id": "0193c8e1-1aa4-7b21-9f31-2c6b8d4e0a10",
  "task_title": "Approve refund for order #4821",
  "status": "approved",
  "comment": "Verified damage photos. Approved.",
  "resolved_by": "[email protected]",
  "resolved_at": "2026-05-02T14:32:01Z",
  "metadata": {
    "order_id": "4821",
    "customer_email": "[email protected]",
    "amount_usd": 240,
    "reason": "shipping damaged"
  }
}

Verify X-Signature with your API key's signing secret. Dedup retries on event_id - it's stable across delivery attempts.

There's more in the box.

Workspaces, roles, multi-assignee routing, callback monitoring, retries, audit log, history, and a few more things you'd expect from a tool you'd actually trust in production.

Open the box

Ready to put a human in the loop?

Create your account