USMobile recently added a way to add additional users with limited privileges. Turns out that even "Viewers" can top up a pool (they don't even have to have a line of their own!).
I'd recommend adding a user with view-only privileges and using that limited user to get tokens for scripting. Should be somewhat safer than using a token for the account admin.
"The open source part of iVentoy" is on GitHub. Perhaps it's not completely open?