Also looking for the same answer. If you had any progress I'd be interested in hearing.
There is no API for the Authentication token. The token site is protected by 2FA, part of the process is entering a code that was sent to a phone number.
Once you have the Authentication token, you exchange that for an API token, and you can keep using the API token indefinatley, as long as you have some logic in your code to check whether the token has expired, and exchange it for a new API token.
I.E. you only need to get the Auth token once, exchange it for an API token once, then use the API token indefinanatly, exchanging it whenever it becomes inactive.
You would only ever need to get a new Authentication Token from the website if you token chain becomes broken, or you call the logout API.