API token - not in params?

Hey Kyle -   I'm rewriting an old API using J4/J5 Web Services.
If I require the user to retrieve the Joomla-generated API token, how can I do that within the CB profile?
I'm not seeing a token field, and it's not in params (that I can see.)
Adding another Edit Profile menu item isn't optimum.
I'm curious how Joomla generates the token.

I can drop back to ID/pwd authentication if I must...

Thoughts?
Thanks
Fred

The Joomla API Token has context restrictions in place so it can't display in CB profile edit and believe it also only works in backend. I don't think Joomla intends on the tokens to be used this way though so I'm not sure what the best way would be to expose them to frontend. Will add a feature ticket to see if I can get the token field to output to CBs profile edit, but unsure if I'll be able to get around the context restrictions.

forge.joomlapolis.com/issues/9471

Thanks Kyle - 
I did research the Token plugin - the form xml that's injected into the User profile has a field named "token" with an element named "algo" that's set to 'sha256'
The file <site>/plugins/user/token/src/Extension/Token.php  contains the token generation code 

From what I see, the token is displayed as follows:
         $rawToken  = base64_decode($tokenSeed); 
        $tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
        $message   = base64_encode("$algorithm:$userId:$tokenHash");

$tokenSeed is stored in the $__users_profile table
$algorithm is set from the algo field element, e.g. "sha256"

It would be an interesting exercize to write a webservice plugin that recreates the token.
In the meantime, I'll generate my own app-specific token and use the ID/password web authentication method
Thanks,
Fred

As I understand it Joomla intends for those tokens to be used as env variables in for example an external integration or an app. I think Joomla would need OAuth to properly handle user based tokens. I'm not sure what their intent is though to be honest. At any rate will look into trying to get the token field to at least output to backend CB profile edit. I don't see it in Joomla frontend profile edit so I'm guessing they're only meant for backend.

The current token retrieval process requires a user to edit their front-end User profile (which has no token yet), then save the profile which will generate a token the user can copy and paste.
This is only if the user is in an ACL authorized to access the "API Authentication - Web Services Joomla Token" plugin.
 

I see, thank you. Will see if I can get those parameters to show up. Am unsure of when I will have this implement as currently have some other tasks to attend to.