Following the discussions with EN (Dan) about rate limiting, we will have to use a second API user with limited permissions to create the token for front end submission of forms.
Dan from EN has already sent instructions to Angelos and Kyriakos about how to implement this.
This task is the following:
If a frontend API key and secret are set in the settings, then
When an api form is shown, using the frontend api key, request a session id (if one does not already exist, since it is valid for 1 hour).
Then make the form submit with the JS and the session id, instead of sending it back to the wp server.