...
Log into Isora GRC’s web interface.
Go to the Settings page and click on People, under the Organization section. Locate the user you wish to modify and click the pencil button next to the name to edit the user.
In the Edit User dialog, click the checkbox to “Enable token API access,” then click Save.
Now, when the user views their own profile, they will see the token shown. (A superuser could also view the token by viewing the user’s info in the Edit User dialog.)
You can now copy and paste this token from the web interface and save it for use in API calls.
Be aware that if you later remove a user’s API access and add it again, a new token will be generated each time.
Next:
...
2.3 API
...