Hi Lukasz,
Is your server making the Target API calls, and then the browser making the ECID/AA calls?
If so, then after the very first page view your server should be able to see the mcid in the AMCV_... cookie set by the ECID. You can use that to pass #2.
In the case of a first-time-first-page I'll double check on the best method, but it might be doable if you just time the #2 after the ECID has run client side and then make the #2 call. I believe as long as #2 fires within the same session window you are fine - so it can be delayed.