Each API key is associated to a single, full fledged Fleetio user. Each Fleetio user has a set of permissions that limit what actions he or she can take on which resources. The same rules that apply to a user via the standard Fleetio interface also apply when interacting with the Fleetio API.
Read more about Fleetio permissions
If an attempt is made to read or modify a resource for which the API user does not have access to, then a 403 Forbidden response code will be returned. If you receive this response code then make sure that the API user has the correct permissions for that action.
Getting an Account Token via the API
It's also possible to list all account tokens for a user through the API. Please see the accounts api endpoint for more information.