What is the best way to get salesforce security token of a API Only user?
API only users cannot login and choose 'Reset my security token'. Right now, in my company, we select a System Administrator profile for users, log in for the first time, choose 'Reset my security token', then change the profile to a custom profile which has API only enabled.
The other way of doing it is, modifying the profile to not have API only user checked initially and then turn it on once the security token is received.
Is there a recommend way to get salesforce security token? Is there an option to force the security token to be sent when the user is created with a profile which has API user enabled?
From Salesfoce Security token and the API (my emphasis):
Users can obtain their security token by changing their password or resetting their security token via the Salesforce user interface. When a user changes their password or resets their security token, Salesforce sends a new security token to the email address on the user’s Salesforce record. The security token is valid until a user resets their security token, changes their password, or has their password reset. In the UI - change API only user profile to another non-api only user profile. Log in, reset security token. The IP range(s) on the profile assigned to the non-API User must allow your IP or you will not see the 'Reset Security Token' option on the User record.