← Back to Use Cases
COLLECT FROM OTHERS

Presigned Writes

Generate one-time URLs that let others write data without your token. Expires in 15 minutes.

The Problem

You want to trigger actions from notifications, webhooks, or mobile devices - but you can't embed your master token in a URL. You need one-click approval without exposing credentials.

Real example: Your EC2 instance detects it's idle and wants human approval before shutting down. How do you let someone approve with a single tap on their phone?

The WrenDB Solution

Generate a presigned URL that embeds both the action AND the authorization. The URL contains a JWT valid for 15 minutes. Anyone with that URL can trigger the action once - no token needed.

How It Works

1

Generate a presigned URL with the value baked in

Terminal 
# Generate presigned URL - the value is embedded in the JWT
curl -X POST https://api.wrendb.com/item/$STASH_ID/shutdown-approval/presign \
  -H "Authorization: Bearer $MASTER_TOKEN" \
  -H "Content-Type: text/plain" \
  -d "approved"

{
  "url": "https://api.wrendb.com/update?token=eyJ..."
}
2

Share the URL - clicking it triggers the action

Put it in a notification, email, or Slack message. One click = action executed:

One-click execution 
# Anyone can GET this URL to trigger the update (no auth needed!)
curl "https://api.wrendb.com/update?token=eyJ..."

{
  "success": true,
  "message": "Value updated successfully via pre-signed URL"
}
3

Your script checks the result

Read the value to see if the action was approved:

Terminal 
curl https://api.wrendb.com/item/$STASH_ID/shutdown-approval

approved

Real-World Example: EC2 Self-Shutdown with Human Approval

A cron job monitors instance idleness and requests approval via ntfy.sh before shutting down:

shutdown-monitor.sh 
#!/bin/bash
# Run via cron every 5 minutes:
# */5 * * * * /opt/scripts/shutdown-monitor.sh >> /var/log/shutdown.log 2>&1

# === Configuration ===
WRENDB_API="https://api.wrendb.com"
STASH_ID="your-stash-id"
MASTER_TOKEN="your-master-token"
APPROVAL_KEY="shutdown-approval"
NTFY_TOPIC="your-ntfy-topic"

# === Check if shutdown was already approved ===
APPROVAL_STATUS=$(curl -s "$WRENDB_API/item/$STASH_ID/$APPROVAL_KEY")

if [ "$APPROVAL_STATUS" = "approved" ]; then
    echo "Shutdown approved! Initiating shutdown..."

    # Reset approval status for next time
    curl -s -X PUT "$WRENDB_API/item/$STASH_ID/$APPROVAL_KEY" \
        -H "Authorization: Bearer $MASTER_TOKEN" \
        -H "Content-Type: text/plain" \
        -d "pending"

    # Execute shutdown
    sudo shutdown -h now
    exit 0
fi

# === Check if instance is idle ===
check_idle() {
    # Replace with your actual idle detection logic:
    # - CPU usage below threshold
    # - No active SSH sessions
    # - No recent network activity

    # Placeholder: random true/false for demo
    [ $((RANDOM % 2)) -eq 0 ]
}

if ! check_idle; then
    echo "Instance is busy, skipping shutdown check"
    exit 0
fi

echo "Instance is idle, requesting shutdown approval..."

# === Generate presigned URL that sets value to "approved" ===
PRESIGN_RESPONSE=$(curl -s -X POST \
    "$WRENDB_API/item/$STASH_ID/$APPROVAL_KEY/presign" \
    -H "Authorization: Bearer $MASTER_TOKEN" \
    -H "Content-Type: text/plain" \
    -d "approved")

APPROVAL_URL=$(echo "$PRESIGN_RESPONSE" | jq -r '.url')

if [ -z "$APPROVAL_URL" ] || [ "$APPROVAL_URL" = "null" ]; then
    echo "Failed to generate pre-signed URL"
    exit 1
fi

# === Send notification with one-click approval action ===
curl -s -X POST "https://ntfy.sh/$NTFY_TOPIC" \
    -H "Title: Instance Idle - Shutdown Request" \
    -H "Priority: high" \
    -H "Tags: warning,computer" \
    -H "Actions: http, Approve Shutdown, $APPROVAL_URL, clear=true" \
    -d "Your instance has been idle. Tap to approve shutdown (expires in 15 min)."

echo "Notification sent with approval link"

Initial setup - run once to create the stash and approval key:

Initial Setup 
# 1. Create a stash for this instance
RESP=$(curl -s -X POST https://api.wrendb.com/stash \
    -H "Content-Type: application/json" \
    -d '{"name": "EC2 Shutdown Control"}')

STASH_ID=$(echo $RESP | jq -r '.stash_id')
MASTER_TOKEN=$(echo $RESP | jq -r '.master_token')

echo "STASH_ID=$STASH_ID"
echo "MASTER_TOKEN=$MASTER_TOKEN"
# Save these in your script config!

# 2. Create the approval key with initial "pending" status
curl -X POST "https://api.wrendb.com/item/$STASH_ID/shutdown-approval" \
    -H "Content-Type: text/plain" \
    -d "pending"

The Flow

  1. Cron runs the script every 5 minutes
  2. Script checks WrenDB for approval status
  3. If "approved" → shutdown and reset to "pending"
  4. If "pending" → check if instance is idle
  5. If idle → generate presigned URL with value "approved"
  6. Send ntfy notification with the URL as an action button
  7. User taps "Approve Shutdown" on phone → URL sets value to "approved"
  8. Next cron run sees "approved" → initiates shutdown

Why Pre-signed URLs for Approvals?

  • One-click action - No login required, no app to open, just tap the link
  • No token exposure - The URL contains authorization, your master token stays safe
  • Auto-expires - URLs expire in 15 minutes, preventing stale approvals
  • Works everywhere - Notifications, emails, Slack, SMS - anywhere you can put a link
  • Simple state machine - WrenDB acts as the approval state store that your scripts poll

Other Approval Use Cases

  • CI/CD deployments - "Production deploy ready. Approve?" with pre-signed link
  • Database migrations - Require human approval before running destructive migrations
  • Expense approvals - Scripts detect expense reports, send approval links to managers
  • Access requests - Temporary access that requires manual approval before granting

Related Use Cases

Form Collector - Catch form submissions without a database Config Sharing - Share settings and feature flags