Attribute-based access control: Difference between revisions

Line 23:
The flow would be as follows:
 
# The user, Alice, calls the API method approveTransaction(123).
# The API receives the call and authenticates the user.
# An interceptor in the API calls out to the authorization engine (typically called a Policy Decision Point or PDP) and asks: ''Can Alice approve transaction 123?''
# The PDP retrieves the ABAC policy and the necessary attributes.
# The PDP reaches a decision, e.g. Permit or Deny, and returns it to the API interceptor.
# If the decision is Permit, the underlying API business logic is called. Otherwise the API returns an error or "access denied".
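The six-step flow above, carried through in code as an added example (it is not from the article and not from any particular ABAC product). The interceptor is written as a decorator that plays the Policy Enforcement Point, pdp_decide plays the PDP, and the user, transaction and policy data are constructed for the example; the attribute names (role, department, approval_limit, submitted_by) and the deny-overrides combining rule are assumptions, not something the article specifies.

```python
"""ABAC flow: API interceptor (PEP) -> PDP -> attribute-based policy rules.
Added example; users, transactions and rules below are constructed data.
"""
from dataclasses import dataclass
from functools import wraps

# Constructed attribute stores. A real PDP would fetch these through
# Policy Information Points (identity provider, transaction database).
USERS = {
    "alice": {"role": "manager", "department": "finance", "approval_limit": 5000},
    "bob": {"role": "clerk", "department": "finance", "approval_limit": 0},
}
TRANSACTIONS = {
    123: {"amount": 1200, "department": "finance", "submitted_by": "bob"},
    124: {"amount": 9000, "department": "finance", "submitted_by": "bob"},
    125: {"amount": 100, "department": "finance", "submitted_by": "alice"},
}


@dataclass(frozen=True)
class Request:
    """Authorization request: subject, action and resource attributes."""
    subject: dict
    action: str
    resource: dict


# --- ABAC policy: each rule returns "Permit", "Deny" or None (not applicable).
def rule_manager_in_department(r: Request):
    if (r.action == "approve" and r.subject["role"] == "manager"
            and r.subject["department"] == r.resource["department"]):
        return "Permit"
    return None


def rule_within_limit(r: Request):
    if r.action == "approve" and r.resource["amount"] > r.subject["approval_limit"]:
        return "Deny"
    return None


def rule_no_self_approval(r: Request):
    if r.action == "approve" and r.resource["submitted_by"] == r.subject["id"]:
        return "Deny"
    return None


POLICY = [rule_manager_in_department, rule_within_limit, rule_no_self_approval]


def pdp_decide(request: Request) -> str:
    """Policy Decision Point (steps 4-5): evaluate every rule over the
    attributes and combine with deny-overrides (assumed combining rule)."""
    results = {rule(request) for rule in POLICY} - {None}
    if "Deny" in results:
        return "Deny"
    if "Permit" in results:
        return "Permit"
    return "NotApplicable"  # no rule matched; the PEP treats this as denied


class AccessDenied(Exception):
    pass


def authorize(action: str):
    """Policy Enforcement Point (steps 3 and 6): an interceptor that builds the
    request from the authenticated user and the target resource, asks the PDP,
    and only calls the business logic on an explicit Permit."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user_id: str, transaction_id: int):
            # Step 2 (authentication) is assumed done; user_id is the verified identity.
            subject = {"id": user_id, **USERS[user_id]}
            resource = {"id": transaction_id, **TRANSACTIONS[transaction_id]}
            decision = pdp_decide(Request(subject, action, resource))
            if decision != "Permit":
                raise AccessDenied(f"{user_id} may not {action} transaction {transaction_id}")
            return fn(user_id, transaction_id)
        return wrapper
    return decorator


@authorize("approve")
def approve_transaction(user_id: str, transaction_id: int) -> str:
    """Underlying business logic, reached only after a Permit."""
    TRANSACTIONS[transaction_id]["status"] = "approved"
    return "approved"


def try_approve(user_id: str, transaction_id: int) -> str:
    """Step 1 from the caller's side: the API result as the client sees it."""
    try:
        return approve_transaction(user_id, transaction_id)
    except AccessDenied:
        return "access denied"


if __name__ == "__main__":
    for user, tx in [("alice", 123), ("bob", 123), ("alice", 124), ("alice", 125)]:
        print(user, tx, "->", try_approve(user, tx))
```

Two points worth noticing: the business logic never inspects attributes itself, so the approval rules can change in POLICY without touching approve_transaction, and the PEP is fail-closed, treating anything other than an explicit Permit (including NotApplicable) as a denial.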
 
=== Application Security ===