API only users cannot login and choose ‘Reset my security token’. Right now, in my company, we select a System Administrator profile for users, log in for the first time, choose ‘Reset my security token’, then change the profile to a custom profile which has API only enabled.
The other way of doing it is, modifying the profile to not have API only user checked initially and then turn it on once the security token is received.
Is there a recommend way to do this? Is there an option to force the security token to be sent when the user is created with a profile which has API user enabled?
In the UI – change API only user profile to another non-api only user profile. Log in, reset security token. The IP range(s) on the profile assigned to the non-API User must allow your IP or you will not see the ‘Reset Security Token’ option on the User record.