Just a note:
From the docs (Token based authentication):
Api-key and api-secret can be generated from the web interface, from the command line or by remote procedure call (RPC):
RPC: /api/method/frappe.core.doctype.user.user.generate_keys?user="user_name"
Command: bench execute frappe.core.doctype.user.user.generate_keys --args ['user_name']
But those command only return api-secret. so I guess the docs has to be changed.
To get the key different endpoint should be used:
/api/resource/User/*username*