The user api key system is not designed for this use case, if you go through the dance of generating a private key and then go ahead and store it on the server on behalf of the user, why bother with all this dancing, just generate the keys server side.
Super hard for me to provide any guidance without me fully understanding what the actual problem is in much more detail. Why not simply provide proxy end points on your web app and handle all auth in your app?