This article will cover points around:
Limitation of users that can approve a page
Highlight the application intent
To help understand the impact if API can act out of character, we would first need to understand the following points :
How is approval data stored?
All page approval data is stored against content-property module provided by Atlassian, ref: Content Property.
Who can modify content property?
Users who can see the page can query the approval data
Users who can edit the page can modify the approval data
Based on the above, it is essential to understand that, as users, you can mutate the approval data (via API) if you have permission to modify the page.
Modification is possible since the storage data is an extension of page content from a view/edit perspective. You can still modify the page content after the page has been approved (i.e., the content will not be locked down).
The Page Approval for Cloud app is meant to be helpful in a non-stringent approval process with its current architecture.