Implement a secure endpoint that allows users to cast votes with the options approve, reject, or abstain (if available). The request must include JWT parameter that contains information about (approval id, step id, expiration: 24 hours, and whether login as an external approver is required).

The endpoint will be available only to external approvers (Everything will go through the external approver's website. If they are associated with an Atlassian user who can vote in the step, the session and association will allow the action). They may have an account in our application.

If the user is not logged in and login is required, the endpoint returns an appropriate message and initiates a redirect flow.

For approvers whose account is linked to an Atlassian user, the required information will be retrieved from the external approver’s user session. In this case, the decision will be submitted without displaying a confirmation screen, and the browser tab can be closed immediately after the vote is cast.

For existing users (not linked to an Atlassian account) or users not logged in who currently vote via direct email links, we will display information explaining that actions can be performed without confirmation once their account is linked to an Atlassian account.

Accepted criteria

• API requires StepIdand vote decision as mandatory parameters

• Supports vote values: approve, reject, abstain (if available)

• Prevents vote submission on behalf of unauthorized users

• Updates the step to indicate decision was made via API