Atlassian Accounts are able to generate API tokens for use with Jira and Confluence cloud APIs. At the moment, org admins can only revoke these tokens but they cannot enforce policies on the token usage of their managed accounts.

Suggestion :
1. Allow org admins to enforce policies on API token usage

• Enable or block a managed account to be able to create tokens.
• Set a default expiration for the tokens that can be created (ie, 1 week, unlimited not allowed). see ID-7825

2. Allow admins to track the API token usage within the sites/applications.