When we access Salesforce from an IP address that’s outside your company’s trusted IP ranges using a desktop client or the API, we need a security token to log in.
Salesforce Trusted IP Ranges:
Note:
Trusted IP Ranges is different from Profile IP Ranges.
1. To hide “Reset my Security Token” option in Salesforce, add IP ranges to
the profile. If the Login IP Ranges are set, Security Token is not
needed.
2. We will receive a new security token email when we reset the password for the user. Check the email associated with the user account to get the Security Token.
3. If MFA(Multi-Factor Authentication) for API Logins permission is enabled on the profile, use the code generated by an Authenticator app, such as Salesforce Authenticator for the security token value.
4. To get API only users to receive a security token reset email when you reset their password, use the following steps.
a. Temporarily assign the API Only user to a profile that doesn’t have the API only user permission.
b. Request the user to manually reset their security token. As an Admin do not impersonate(Logging using Login button).
c. Reassign the user to the Profile back with the API only user permission.
Reference Articles:
https://help.salesforce.com/s/articleView?id=sf.user_security_token.htm&type=5
https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_concepts_security.htm