Current problem:
Your hosting layer returns a JavaScript anti-bot/validation page (aes.js) that sets a __test cookie before allowing access. This blocks non-browser clients (Postman, curl, server-to-server calls) because they cannot execute that JS.
Important: these API calls may come from varied IPs and do not have a fixed caller IP or header — they must be universally accessible.
Request:
Please disable or exempt the JavaScript anti-bot validation for all requests to:
