This enables a form on the user profile that allows users to create their own API tokens. It uses the same rights as the user so it will only have access to limited data.
You can disable/enable access by checking the mark on the form without destroying the key.