> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tattoo.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Approve Portfolio Submission

> Operator-only promotion from private staging into the Sanity portfolio media lake.

This route requires a mapped human operator with `portfolio_intake:review`. A successful response marks the intake `promoted_to_sanity` and creates a private Sanity draft. It does not make the asset public; public portfolio reads require a later governed Convex projection and distribution approval.


## OpenAPI

````yaml openapi-portfolio-intake.json POST /submissions/{submissionId}/approve
openapi: 3.1.0
info:
  title: TattooAPI Portfolio Intake
  version: 1.0.0
  description: >-
    Private, review-gated portfolio intake for approved partners and TattooAPI
    operators. These operations never publish directly to public surfaces.
servers:
  - url: https://api.tattooapi.com/api/private/portfolio-intake/v1
    description: Production private portfolio intake
security: []
paths:
  /submissions/{submissionId}/approve:
    post:
      summary: Approve intake into the private Sanity media lake
      description: >-
        Requires portfolio_intake:review. Intended for a mapped human operator
        bearer session. Approval writes a private draft to Sanity; it does not
        make the asset public or create a public Convex projection.
      operationId: approvePortfolioIntakeSubmission
      parameters:
        - $ref: '#/components/parameters/SubmissionId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - reviewNotes
              properties:
                reviewNotes:
                  type: string
                  minLength: 3
                  maxLength: 2000
      responses:
        '200':
          description: Private Sanity draft created and intake marked promoted_to_sanity
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '409':
          description: Rights, consent, upload, or review prerequisites were not met
      security:
        - BearerAuth: []
components:
  parameters:
    SubmissionId:
      name: submissionId
      in: path
      required: true
      schema:
        type: string
        maxLength: 200
  responses:
    Unauthorized:
      description: Missing or invalid WorkOS credential
    Forbidden:
      description: Credential is unmapped, out of scope, or lacks the required permission
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: WorkOS AuthKit bearer token mapped to a TattooAPI human actor.

````