Definitely fake. I've worked in IT, and I know Okta's offerings. They do multi-factor and SSO stuff, basically password management stuff on steroids along with any regulatory compliance checklist stuff.
They do not rent out cloud infrastructure for other companies to use.
It's not how code works. There's no reason to send this information to the client because the filtering runs server side, so the client never needs to know about it.
You're assuming proper design. I've worked on systems where filtering was done client-side (and fixed that), it's stupid, but it's what happens when a FE is assigned a task and uses the tools at their disposal. In fact, I think Lemmy used to filter deleted comments clientside a few versions ago.
If they were deleting contents client-side then you could get around the filters by using something like tweet deck. Since we know that doesn't work we know that the filtering can't be done client-side.
Anecdotal but I’ve encountered a lot of this lately. It seems people have taken to dropping the term “API” arbitrarily into posts and conversations to signal knowledgeability with recognizable lingo, often resulting in nearly plausible but not quite accurate technical descriptions.
TBF I bet it works most of the time, due to the ubiquity of interfaces in software, and I may only notice it when they feel emboldened by the success of their first attempt.