This is coming out of a discussion with eco-system and Identity teams on misuse of api token.

Eventually ecosystem decide on the overall strategy around API token usage. But before that, we should be able to at least have the information on api token access. Admin need to at least be able to know what resources api token accessed at what time.
Suggest event to be include:
api token creation/deletion
api token access resource

This work will need both identity and Admin Experience team's effort. So this ticket is for identity side of work

Hope this is the right place for it.