Authenticate
Two factors are required. 1) Enter the admin API bearer
(L2 possession factor). 2) Click Sign in with Apple (L1
identity) — a separate window handles Apple sign-in and returns only a session token.
Both are held in memory only and sent as X-Admin-Token and
Authorization: Bearer on every request. Apple's sign-in never sees the bearer.
Sign-in opens a separate, credential-free window (/login.html) that alone
loads Apple's SDK. This console never loads Apple's SDK and never transmits your bearer to
that window. No credential is ever persisted — if your browser offers to save these fields,
decline it.