Add an API request to allow users to cast votes with approve, reject, or abstain options
Description
Implement a secure API endpoint that allows users to cast votes with the options: approve, reject, or abstain (if available). The request must include both UserId and StepId as required fields. Introduce server-level key-based authentication to prevent unauthorized access and ensure that votes cannot be submitted on behalf of arbitrary users, even if the API is compromised.
Update the associated step to record that the decision was made via the REST API. Capture and store relevant request metadata such as timestamp, IP address, and request headers to support auditing and traceability.
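One possible reading of these requirements, as an added example that is not part of the original ticket or the project's code: the trusted caller signs the request body with the server-level key (HMAC-SHA256), and the endpoint verifies it before validating fields and building the audit record. The `Vote` field, the `X-Vote-Signature` header, the `DecisionSource` field and both function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

ALLOWED_VOTES = {"approve", "reject", "abstain"}
# Headers that carry credentials are never copied into the audit record.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-vote-signature"}

def sign_vote(server_key: bytes, body: dict) -> str:
    """HMAC-SHA256 over the canonical JSON body (hypothetical signing scheme)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(server_key, canonical, hashlib.sha256).hexdigest()

def handle_vote(server_key, body, headers, remote_ip, abstain_available=True):
    """Return (http_status, payload); reject before any step state is touched."""
    supplied = headers.get("X-Vote-Signature", "")
    expected = sign_vote(server_key, body)
    # Constant-time compare. The signature covers UserId, so a caller without
    # the key cannot swap in another user's id on a captured request.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, {"error": "invalid signature"}
    user_id, step_id = body.get("UserId"), body.get("StepId")
    if not user_id or not step_id:
        return 400, {"error": "UserId and StepId are required"}
    vote = body.get("Vote")
    if vote not in ALLOWED_VOTES or (vote == "abstain" and not abstain_available):
        return 400, {"error": "unsupported vote value"}
    safe_headers = {k: v for k, v in headers.items()
                    if k.lower() not in SENSITIVE_HEADERS}
    record = {
        "UserId": user_id,
        "StepId": step_id,
        "Vote": vote,
        "DecisionSource": "REST API",  # marks the step as decided via the API
        "Timestamp": datetime.now(timezone.utc).isoformat(),
        "IpAddress": remote_ip,
        "Headers": safe_headers,
    }
    return 200, record
```

The signature binds UserId to the request but does not by itself stop a captured request from being replayed; a signed timestamp or nonce would be needed for that.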
Acceptance criteria
- API requires UserId and StepId as mandatory parameters
- Supports vote values: approve, reject, abstain (if available)
- Implements server-level key-based security authentication
- Prevents vote submission on behalf of unauthorized users
- Updates the step to indicate decision was made via REST API
- Stores request metadata for auditing, including: