How is it different from Authtoken

A Management Token is a stack-level token used primarily for automation scripts, third-party app integrations, and Single Sign On (SSO)-enabled organizations. Unlike an Authtoken, which is a read-write, user-specific token used to make authorized CMA requests, a management token is not linked to any individual user. This means no personal user details are attached to API requests made using a management token.

If someone gains access to your authtoken and knows the Stack API key, they can make API requests that appear to originate from you. Management Tokens, however, are not tied to specific users, and therefore, role-specific permissions are not applicable. These tokens can perform all actions that authtokens can, except for a few exceptions related to Users, Workflows, and Publish Rules.

Note: Only the owner or admin of a stack can create Management Tokens.