Hi Phillip,
Looking into this a bit further:
The get_nonces API call can by design only be performed by a logged-in user (i.e. with the cookies method, going through wp-login.php). This is typically done by a browser but does not have to be.
My original intention was to be able to display the user_id and api_key with the [wallets_api_key] shortcode, so that the user is then able to enter it into some other application and grant access. But the user must first login to the website to obtain this information.
I am curious, what your login workflow would be? If the user can already login, what’s the use of having a user_id and key? What type of credential would the user provide to your application via your UI?