Ofc I can't get pm's and all, but the API key will be like an access permission without putting your sensitive credentials, you know what I mean
I do understand, but that's not possible. Users cannot generate API keys, so you would either:
1. Make an app/extension that actually connects to the user accounts using his credentials (no one would use this unless it's open source, and run in the client side)
2. Or, an extension that would use your current session in your browser (obviously that comes with certain limiations).