I am fetching my PV data over web calls; my openhab system (webcalls and enphase binding) requests these data from the local enphase gateway. In order for this to work, you need a JWT token from your enphase account. This token is valid exactly 1 year.

Step 1: open a Terminal and get a session ID from Enlighten:

SESSION=$(curl -s -X POST https://enlighten.enphaseenergy.com/login/login.json? \
  -F "user[email]=my@email.com" \
  -F "user[password]=YOUR_ENLIGHTEN_PASSWORD" | jq -r '.session_id')
echo "Session: $SESSION"

This returns a session ID like for example: bd998gh582w15h598b124a65745zz3wl.

Step 2: Exchange session for a JWT. For this you need your Envoy serial number. Get it with this command:

curl -sk https://IP.OF.LOCAL.ENVOY/info | grep -o '<sn>[^<]*</sn>'

This will return your Envoy serial number <sn>123456789012<s/n>.

Step 3: Get your JWT token:

ENVOY_SERIAL="your_serial_here"
TOKEN=$(curl -s -X POST https://entrez.enphaseenergy.com/tokens \
  -H "Content-Type: application/json" \
  -d "{\"session_id\": \"$SESSION\", \"serial_num\": \"$ENVOY_SERIAL\", \"username\": \"my@email.com\"}")
echo "Token: $TOKEN"

Step 4: Verify that it works by querying your Envoy:

curl -sk -H "Authorization: Bearer $TOKEN" \
  https://IP.OF.LOCAL.ENVOY/production.json?details=1 | jq '.production[0].wNow'

It should return a wattage.
Now replace the password in openhab by the JWT token value.