...

1. Verify the validity of access token
2. Check user scope approval:create in order to perform this action

Logic

1. Search for approval by patient_id + approval_id
2. If not found
   
   1. return error
3. send SMS to the auth_phone via otp_verification service POST /verifications