API tokens allow a user to authenticate with cloud apps and bypass two-step verification and SSO, and retrieve data from the instance through REST APIs. Token controls allow admins to view and revoke the use of API tokens by their managed accounts.
Why use API token controls?
Admins can achieve better visibility into usage of bot accounts and integrations, and improve security and admin controls over API access.
How it works
Admins can view and manage API tokens that users in their organization has created by navigating to each user’s account details page under Managed accounts. To learn more about how users create and use their own API tokens, see API tokens.