You will not be able to retrieve the user's password. Mendix does not allow this for security reasons and rightfully so. So that path is a dead end and certain to fail.
Since you have two Mendix apps and a user with the same uid/pwd, then the prettiest option is to use SingleSignOn, but if not already available, it will be out-of-scope for this one usecase.
Instead of uid/pwd you can use ‘active session’. See https://docs.mendix.com/refguide7/published-rest-service#authentication.
Use a webservice user instead of the current user.
Usually, this is no problem, as you have system to system API calls, and you can just secure them with user names and long and complex passwords (or client certificates, IP ranges etc). If you require a user, you can simply add a user name as a request parameter. You can then either execute a microflow as a user, or constrain data retrieval by an account object with a matching user name. This is by far the easiest solution.
Effectively, the second implementation accomplishes the same as the first, but it's more complex.