The first thing you need is a user who has the new "IT Admin" role. Admin users will be able to add these to any user by navigating to the "Staff" page, selecting a user and toggling the permission to on:

This user will now have some additional menu item unlocked when they next login:

In this screen they will be able to view all the API users setup:

And by clicking into a API user they can view the current key:

And also create a new key and secret:
(important to note, you only ever see the secret once so make sure you copy it straight away)

Finally they can also disable a API user, making it instantly unusable.

Did this answer your question?