We need to create sub-sites each with unique permissions.
Examples I've seen so far take the URI webinfos/add and UseUniquePermissions = false
...our case it's true. We are controlling permissions at the sub-site level, so they need unique perms
We can create the sub-site with unique permissions via webinfos/add + unique perms = true, but we still have to do the following by hand:
--1. Create the default 3 SharePoint groups >> Owners, Members, Visitors (I don't get any of these 3 via running the URI above...it just adds my name). I think it's the permsetup.aspx page that runs when you manually set the 3 SharePoint Groups >> Readers, Members, Owners
--2. Add the sub-site to the main parent site for Quick Launch navigation (we don't want it on the top / horizontal nav)
--3. Add 2 users to the Owners SharePoint group (email@example.com, firstname.lastname@example.org)
--4. Turn sharing off by members and have all access requests go to the Owners group for approval/monitoring