Redmine

I'm trying to write an automated test in Redmine Java API for case when getUsers() throws AuthorizationException for non-admin.

to do that, I first create a new user through REST API (using admin account), and then I want to send "getUsers()" request with the new user's API access key.
the problem is that I don't see a way to retrieve the API key of the user I just created.
I understand this is probably due to security reasons.
what's the right way to solve this problem?

it would be great if REST API supported the concept of "login" so that REST users would be able to "login" through REST API using their login&password (instead of API access key!) and then they'd receive some "session key" they could use temporarily for this session.

this would eliminate the problem I described above, and plus simplify the REST API usage in various UIs (people are often confused about "api access key", they want to use their login&password).