You can manage API Tokens by going to the Organisation Settings. From this page you can view the existing tokens of all the users within your Organisation.
Delete an API token from the settings page.
API Tokens are specific to an organization and are assigned one of the standard user roles: Owner, Editor, or Viewer. These tokens can be created interactively, but only by users with an Owner role. Right after creation, the token string is displayed to the user. This is the only opportunity to access and copy the token string for external use, as it won't be accessible again.
The role assigned to an API Token cannot be changed once it's created. However, users can edit its 'metadata', such as the displayName and description. If a different access level is needed, a user must create a new token with the desired role.
Like a regular User entity, an API Token can be deactivated (effectively 'deleted'). When deactivated, the token remains in the system but is marked as inactive, indicating it is no longer operational.