Hello,
Yes, you need to assign the access_wallets_api capability to the user. If you wish to use the API with an administrator account, use any plugin that can edit capabilities to assign access_wallets_api.
Since the user_id is required for remote access, it can be added to the get_nonces call. This way you can login first using cookies, obtain the login credentials programmatically, then continue accessing the API using the key. This will be added in the next patch.
with regards