which is why i think interacting with a tls server directly that exposed some sort of API would be potentially safer / easier to access control