> I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)

You can open the network tab, click an API requesst, and copy the token from the Authorization header.