After you are signed-in to your account, click on the person icon in the upper right highlighted below by the red arrow.
Then select "Security Settings" from the menu.
In the modal that opens, click the "Generate" button under the API Key or Access Token sections. Note that Access Tokens expire after 30 minutes to 6 hours depending on the setting you choose. API Keys are named and permanent until you delete them. But API Keys are shown only once. If you lose it, you have to delete and regenerate it.
Type in the name for your key. This is just a mnemonic for you - it has no software purpose.
Copy the key to your computer's clipboard and then save it into your script or external application that is trying to connect to Riffyn.
Click "Next" and you will see that your key is created.
To delete it, just hover over the key and you will see a delete icon appear.