API tokens inherit their permissions from their associated users.
A read/write token allows a user to perform any action through the API that its permissions allow.
A read only token only allows a user to perform read actions on the resources that their permissions allow them access to.
