In https://supertokens.com/docs/thirdpartypasswordless/quick-setup/backend, the documentation to generate keys tells to set the authorisation callback to auth/callback/{provider} except for Apple where it is api/callback/apple. Is it a mistake or is it supposed to be different ?

Hey! That is correct. Apple will redirect to your api domain. As opposed to others which will redirect to your website domain

Okay 👌