What about using playwright/puppeteer or some other browser automation tool to interact with it?

I'm sure they're doing their utmost best to prevent this, but this is a known adversarial situation/cat-and-mouse play in the anti-LLM scraping, anti-bot, captcha domain.

Calling this a certificate is a bit generous with the truth.