Fun fact, looks like our admin registration is going to use the same http auth mechanisms. Here's how it looks: - Keep list of admins in webmention format in the DB - Admins talk to the API using signed HTTP requests - API verifies requests by verifying the signatures Cool side effects? No need for storing a password or issuing tokens or actual admin account data. We can also use wildcards in the list like `@*@hypha.coop` to allow any account from a given domain to have access.