I’ve seen this, but can’t understand it.

- they issue you a code when you are logged in

- they track that code for multiple use

- all they can do is claim that the code was securely generated and it isn’t just an API KEY to your account… but they’re already telling you it is database tracked

How can you have any even the 1/2 best proof it isn’t just an API KEY that directly links to your account? I see no trust path other than “us, bro”.