Query api with user reader

Hi, I have created some curl plugins to access via xml api to our Pa-500 and make queries. For that right now I use the admin user to get the id: https: //X.X.X.X/api/? type = keygen & user = admin & password = password The problem that I see that this is very insecure because the key is in the plugin and with it could change the configuration. I tried to create a reader user with the role (superadmin read only and device administrator read only). But both give me error when running the plugin. it tells me I do not have access. My plugins what they do is make monitor / threat / data filtering / system queries, etc. Can someone guide me how to do it safely and why do not read-only high stick users work? Version pa-500 is 7.1.6 Thank you