In order to create an API token, an administrator must be logged into Okta. The token that will be created will have the same permissions as the user that created the token.
This is why our documentation recommends that you create a dedicated service account, grant it the appropriate Administrator role, and use it to generate an API token. That way you don’t have to worry about an administrator in your Okta tenant leaving the company and, upon them being deactivated in Okta, finding that your API calls no longer succeed. Its safer to have these applications rely on a service account that is not tied to a specific employees employment status.