I would recommand to use a service account (that has access to both source and target sites) with appropriate permissions, its simple.

Hi, unfortunately this is not supported.

I had to dev a similar application, and I already open a ticket on this subject, and they will not cover this point. No more info on this point.

But, my explication : 

All there API works with the cookie authentication. With an SharePoint App-Only you can have a authentication token, but not the cookie.  So with an App-only you can't retrive cookie, and so, you can't pass you cookie in your request header on the nintex API.

I recommande you to use a Service Account. 

If you have modern authentication on your tenant and MFA, you can create an App Passeword on your account, and use PnP to connect on your SharePoint site

https://support.microsoft.com/en-us/account-billing/manage-app-passwords-for-two-step-verification-d6dc8c6d-4bf7-4851-ad95-6d07799387e9

Spoiler alert : The Nintex API doen't support New Responsive Forms.

So you can't export New Responsive forms (you will have an error)

If you have a workflow that use task with new responsive form, you will have an error.

this is only mention in the "Export Workflow" API page : https://help.nintex.com/en-us/sdks/sdko365/Reference/REST/NWO_REF_REST_ExportWorkflow.htm?TocPath=Nintex%20Office%20365%20API|Nintex%20Workflow%20for%20Office%20365%20REST%20API|API%20Reference|REST%20Resources|Export%20files|_____1