Response Channels
PausePoint delivers pause notifications via SMS, email, or Slack. Channel availability depends on your plan.
| Channel | Free | Starter | Pro | Enterprise |
|---|---|---|---|---|
| SMS | Yes | Yes | Yes | Yes |
| No | Yes | Yes | Yes | |
| Slack | No | No | Yes | Yes |
| No | No | No | Yes |
SMS#
No setup required from the developer. PausePoint handles the Twilio number. You provide the recipient phone number in E.164 format.
Format: +[country code][number] — no spaces, dashes, or parentheses.
+15550100 # US
+447700900000 # UK
+61400000000 # Australia
Message format the human receives:
[PausePoint] Your agent wants to send a $340 wire to Acme Corp. Approve?
Respond here: https://api.pausepoint.dev/respond/TOKEN
Email#
Pass any email address as the recipient. PausePoint sends an HTML email with large tap-to-respond buttons for each option.
The subject line is: "Action required from your AI agent"
The email is mobile-optimized — each option renders as a large, full-width tap target with the respond_url embedded. The human taps a button in their email app and is taken to the response page.
Slack#
Pass a Slack incoming webhook URL as the recipient. You create the webhook URL once in Slack and never need to touch it again.
How to create a Slack incoming webhook:
- Go to api.slack.com/apps
- Create a new app (or use an existing one) → "Incoming Webhooks" → Activate
- Click "Add New Webhook to Workspace" → Pick a channel
- Copy the webhook URL:
https://hooks.slack.com/services/T.../B.../...
What the Slack message looks like:
Action required from an AI agent
Your agent wants to send a $340 wire to Acme Corp. Approve?
Options: Approve | Reject
[Respond Now] ← button linking to respond_url
Response Page Security#
Every pause generates a unique HMAC-SHA256 signed response token. The token is embedded in the SMS link as respond_url.
Token properties:
- Encodes the pause ID and expiry timestamp in the payload
- Signed with the server's SECRET_KEY using HMAC-SHA256
- Single-use: invalidated the moment the human submits a response
- Expiry-enforced: tokens cannot be used past expires_at, regardless of usage status
The hash of the token (not the token itself) is stored in the database. The plaintext token only exists in the SMS link and in-transit — it is never logged or stored.
URL structure: https://api.pausepoint.dev/respond/{token}
The static HTML page at /respond/ reads the token from window.location.pathname, calls GET /v1/respond/{token} to load the question, then POST /v1/respond/{token} to submit.