In this case, you would use the OAuth client authentication flow. In order to do that, two things are required:
The ability to create a web browser object within your application.
The ability to read the current URL of the web browser whenever it updates.
If you can do these two things, you would implement the OAuth client flow, which follows these steps:
A browser object is loaded with the authorization URL for your application
The user is then redirected to a login page.
Once they are logged in, they will then be redirected to a page to grant access to your application
Once access is granted, the user will then be redirected to the Redirect URI specified in your API key.
Once step 4 is reached, the URL for the redirect will include access token info in the URL that is redirected to. I your redirect URL was http://localhost (the default value), then this would be in the following format:
You can then get the Access Token by simply parsing the data that is included in the URL of the browser object that your application is controlling. This token can then be stored for future use. In order for this to work, it is often best to use a redirect URI that will load, ensuring that the browser allows you to read the URL that is loaded. For this, I would suggest setting the Redirect URI for your API key to match that of the website that best represents this proprietary tool. the redirect URI for API keys can be changed by logging in to your developer account with Mashery and editing the application that you registered.
For reference purposes, here is the format for getting your Authorization URL: