As far as I understand at this moment, it looks like the method used in the Reactive Native example can be transposed to our desktop application (which is in Python).
The API access point used seems to be <site>/session, and it takes a username, password and a csrf token. The csrf token can be obtained from <site>/session/csrf.
This is very close to what I was looking for. I think I will try that, will report back if it works for me.
Is the <site>/session API access point documented anywhere?