Microsoft Copilot Studio

Microsoft Copilot Studio

Gate custom Microsoft Copilot Studio actions behind a human approval step using Power Automate HTTP actions. Block topic execution until a reviewer decides.

Prerequisites

  • Microsoft 365 licence with Power Platform access.
  • Copilot Studio canvas app with a topic that performs a sensitive action.
  • Cheqpoint Connection Key.

Steps

  1. In Copilot Studio, navigate to the topic that performs a sensitive action and add a Call an action node.
  2. Select Create a flow to open Power Automate.
  3. In Power Automate, add an HTTP action configured to POST to https://cheqpoint.co/api/webhooks/inbound with the x-api-key header.
  4. Map Copilot topic variables to the Cheqpoint request body fields.
  5. Use Parse JSON to extract the status from the response and return it to the Copilot topic.
  6. In the topic, add a Condition node: branch on approved to proceed, or show an explanatory message on rejected.

Sample request payload

json
{
  "action": "update_crm_record",
  "summary": "Copilot requesting update to customer account status",
  "details": {
    "account_id": "ACC-44219",
    "field": "subscription_tier",
    "old_value": "Basic",
    "new_value": "Enterprise",
    "initiated_by": "copilot_sales_assistant"
  },
  "justification": "Customer verbally confirmed upgrade during chat session."
}

Sample Cheqpoint response

json
{
  "status": "approved",
  "modifiedDetails": null,
  "decisionNote": "Confirmed with account manager. Proceed with upgrade."
}

Async behaviour

json
// If Cheqpoint returns status "pending", the approval is queued
// for a human reviewer. Branch on all three outcomes in your topic:
//
//   status == "approved"  → execute the action via Power Automate
//   status == "rejected"  → message the user explaining it needs review
//   status == "pending"   → either:
//     a) poll GET /api/approvals/{approvalId} in a scheduled flow, or
//     b) pass callbackUrl so Cheqpoint POSTs the decision to a webhook
//        that resumes the Power Automate flow.

{
  "action": "update_crm_record",
  "summary": "Copilot requesting account status update",
  "details": { "account_id": "ACC-44219", "new_value": "Enterprise" },
  "callbackUrl": "https://your-backend.example.com/cheqpoint/callback"
}

Notes

You have full control over what data is passed into the details object to provide human reviewers with sufficient context.

Tips

Start by routing only high-risk or high-value actions to minimize friction while maintaining oversight.

Get your Connection Key at cheqpoint.co/signup.