Actually I found the API Key Admin under utilities. It asks for a reference to generate a 'new keypair'. I have no idea what that means.

Since I followed the instructions I was swamped with spam users and mailchannels now has me blocked and I guess my site is finished. I was naïve to post here

I very much doubt that your postings here have anything to do with any spam on your site. Unfortunately, spammers come across any site and post there sooner or later (or at least try to).

By default, Elgg does not provide much in terms of keeping spammers out. To improve the situation I would suggest to install the Spam Login Filter plugin (https://elgg.org/plugins/774755) at least to block spammers from already suspicous IP addresses from registering on your site.

But let me ask you: are the spammers registering to your Elgg site or are they registering to your Wordpress site and then post on the Elgg part? If they come from the Wordpress part, you would have to secure this side, too. I never used Wordpress so I can't give any advice how to deal with spam there but I'm sure there are be Wordpress modules available for this purpose.

If you don't want people to register on your Elgg site but only use their Wordpress account it might work to disable the account registering in the site settings of your Elgg site. Then you wouldn't need any Elgg plugins to keep the spammers out either. If the spammers come from Wordpress and you can't stop them, it might be necessary to disable to Elgg Brigde plugin again. If they can't login with their Wordpress account they can't post spam either.

What exactly is blocked by mailchannels? Can't you ask them to unblock you?

You could register an action hook on the register action and prevent the action from continuing if the autheid doesn't match the given credentials.

see http://learn.elgg.org/en/2.3/guides/actions.html