Okay... that may be an issue, then. Our sign-in process is a custom one that is cookie-based (I know... I know... I know... for now, it is what it is...) and I believe the "impersonate user" function has been disabled for now as it was the cause of other, unrelated issues. We will try this out to see if the REST endpoints tunnel in under the the functionality that the admin panel pages provide, but are there any contingencies should that not work (other than using one admin account name...)?