diff --git a/Cargo.lock b/Cargo.lock
index 0453024..89b9fdb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -598,6 +598,7 @@ dependencies = [
  "plist",
  "plist-macro",
  "reqwest",
+ "thiserror 2.0.17",
 ]
 
 [[package]]
diff --git a/isideload/Cargo.toml b/isideload/Cargo.toml
index e5fddb5..0cf797a 100644
--- a/isideload/Cargo.toml
+++ b/isideload/Cargo.toml
@@ -19,3 +19,4 @@ idevice = { version = "0.1.50", optional = true }
 plist = "1.8.0"
 plist-macro = "0.1.0"
 reqwest = { version = "0.13.1", features = ["json", "gzip"] }
+thiserror = "2.0.17"
diff --git a/isideload/src/anisette/mod.rs b/isideload/src/anisette/mod.rs
index e69de29..d3d07a6 100644
--- a/isideload/src/anisette/mod.rs
+++ b/isideload/src/anisette/mod.rs
@@ -0,0 +1,6 @@
+pub trait AnisetteProvider {}
+
+// tmp
+pub struct DefaultAnisetteProvider {}
+
+impl AnisetteProvider for DefaultAnisetteProvider {}
diff --git a/isideload/src/auth/apple_account.rs b/isideload/src/auth/apple_account.rs
index 6f711f4..03a4904 100644
--- a/isideload/src/auth/apple_account.rs
+++ b/isideload/src/auth/apple_account.rs
@@ -1,3 +1,4 @@
+use crate::Result;
 use reqwest::{Certificate, ClientBuilder};
 
 const APPLE_ROOT: &[u8] = include_bytes!("./apple_root.der");
@@ -6,22 +7,36 @@ pub struct AppleAccount {
     pub email: String,
     pub spd: Option<plist::Dictionary>,
     pub client: reqwest::Client,
+    pub anisette: Box<dyn crate::anisette::AnisetteProvider>,
 }
 
 impl AppleAccount {
-    pub fn new(email: &str) -> reqwest::Result<Self> {
-        let client = ClientBuilder::new()
-            .add_root_certificate(Certificate::from_der(APPLE_ROOT)?)
-            // uncomment when debugging w/ charles proxy
-            // .danger_accept_invalid_certs(true)
-            .http1_title_case_headers()
-            .connection_verbose(true)
-            .build()?;
-
+    /// Create a new AppleAccount with the given email
+    ///
+    /// # Arguments
+    /// - `email`: The Apple ID email address
+    pub fn new(email: &str) -> Result<Self> {
         Ok(AppleAccount {
             email: email.to_string(),
             spd: None,
-            client,
+            client: Self::build_client(false)?,
+            anisette: Box::new(crate::anisette::DefaultAnisetteProvider {}),
         })
     }
+
+    /// Build a reqwest client with the Apple root certificate
+    ///
+    /// # Arguments
+    /// - `debug`: DANGER, If true, accept invalid certificates and enable verbose connection logging
+    pub fn build_client(debug: bool) -> Result<reqwest::Client> {
+        let cert = Certificate::from_der(APPLE_ROOT)?;
+        let client = ClientBuilder::new()
+            .add_root_certificate(cert)
+            .http1_title_case_headers()
+            .danger_accept_invalid_certs(debug)
+            .connection_verbose(debug)
+            .build()?;
+
+        Ok(client)
+    }
 }
diff --git a/isideload/src/lib.rs b/isideload/src/lib.rs
index 2aa4350..0bf7265 100644
--- a/isideload/src/lib.rs
+++ b/isideload/src/lib.rs
@@ -1,4 +1,14 @@
+use thiserror::Error as ThisError;
+
 pub mod anisette;
 pub mod auth;
 
+#[derive(Debug, ThisError)]
+pub enum Error {
+    #[error("Reqwest error: {0}")]
+    Reqwest(#[from] reqwest::Error),
+}
+
+pub type Result<T> = std::result::Result<T, Error>;
+
 pub fn test() -> () {}