As an administrator, how do I get an API token for a user other than myself, without logging in as them? When I visit the user configuration page, all I see is that "Token is hidden", and I cannot change it either.

There is a Jenkins System Property, jenkins.security.ApiTokenProperty.showTokenToAdmins . You need access to the master/OC process startup to change it.

Documented at the bottom of https://wiki.jenkins-ci.org/display/JENKINS/Features+controlled+by+system+properties

(We are going to do our best to leave this at false.)