Bypassing creation of API tokens without email verification