It seems reasonable - until you actually look at the specifics.
Some site may be just static files with no server-side api handling. Some may use GraphQL exclusively. Security. Government dictated API design will be an absolute shitshow. Etc.
Fair enough. I'm not particularly good at web dev so maybe there are better ways.
In the spirit of the law, yes maybe it should be less about mechanism and more about policy. The law they got fined over was that "accepting tracking cookies should be as easy as refusing them". I do think its possible to amend that to say _something_ like "both accepting and refusing should offer a simple program accessible mechanism to do so". Combined with the existing law, it would mean the mechanism/API can't be made arbitrarily difficult to reject but easy to accept. There will be room for debate here too, but it fundamentally is possible because the banners have to use such a mechanism.