Create an api token tied to the organization. This api token is not tied to the user in anyway, e.g. if the user is deleted, the token will continue to have access to the organization. This token currently does not expire, so be very careful with storing them.