diff --git a/app/controllers/api/v2/restful_controller.rb b/app/controllers/api/v2/restful_controller.rb
index d09f4cc0..417f7bc9 100644
--- a/app/controllers/api/v2/restful_controller.rb
+++ b/app/controllers/api/v2/restful_controller.rb
@@ -5,7 +5,6 @@ module Api
 include Pundit
 include PunditExtra
- protect_from_forgery with: :exception
 snorlax_used_rest!
 before_action :load_resource, only: [:show, :update, :destroy]
@@ -46,7 +45,7 @@ module Api
 end
 def current_user
- token_user || doorkeeper_user || super
+ token_user || doorkeeper_user
 end
 def load_resource
diff --git a/app/controllers/api/v2/tokens_controller.rb b/app/controllers/api/v2/tokens_controller.rb
index e0474e25..28dfc120 100644
--- a/app/controllers/api/v2/tokens_controller.rb
+++ b/app/controllers/api/v2/tokens_controller.rb
@@ -2,6 +2,8 @@ module Api
 module V2
 class TokensController < RestfulController
+ protect_from_forgery
+
 def searchable_columns
 [:description]
 end
@@ -18,6 +20,12 @@ module Api
 create_action
 respond_with_resource
 end
+
+ private
+
+ def current_user
+ token_user || doorkeeper_user || method(:current_user).super_method.super_method.call
+ end
 end
 end
 end
diff --git a/app/controllers/tokens_controller.rb b/app/controllers/tokens_controller.rb
new file mode 100644
index 00000000..b434d122
--- /dev/null
+++ b/app/controllers/tokens_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class TokensController < ApplicationController
+ before_action :require_user, only: [:new]
+
+ def new
+ @token = Token.new(user: current_user)
+ render :new, layout: false
+ end
+end
diff --git a/app/views/tokens/new.html.erb b/app/views/tokens/new.html.erb
new file mode 100644
index 00000000..e655010d
--- /dev/null
+++ b/app/views/tokens/new.html.erb
@@ -0,0 +1,5 @@
+<%= form_for @token, url: '/api/v2/tokens', method: :post do |form| %>
+
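Review bot: Removing `protect_from_forgery with: :exception` from the API base class is only safe while no controller under it authenticates from the session cookie, and nothing in these hunks records that dependency. The second hunk of this file enforces it by dropping the `super` fallback from `current_user`, so I would add a comment above that method, for example `# Token/OAuth only: no session fallback, because this class has no CSRF protection; a subclass that re-adds cookie auth must call protect_from_forgery itself.` This assumes `token_user` and `doorkeeper_user` never read a cookie, which is not visible here and is worth confirming. The class body starts and ends outside both hunks.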
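Review bot: `protect_from_forgery` is added to `Api::V2::TokensController` without `with:`, so it uses Rails' default `:null_session` strategy rather than the `:exception` strategy the base class had before this commit: an unverified request is not rejected, it continues with an empty session. That is probably what token clients need, but the protection then depends on the session user being resolved only after `verify_authenticity_token` has run. On Rails 5 and later this callback is no longer prepended, so before_actions inherited from `RestfulController` run first, and if one of them resolves or memoizes the user the check comes too late (the Rails version is not visible here). Spell the intent out: `protect_from_forgery with: :null_session, prepend: true`.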
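Review bot: `method(:current_user).super_method.super_method.call` in the new `current_user` override selects the session lookup by counting ancestors, which is fragile for code that decides who the caller is. `super_method` returns nil when no further definition exists, and any module later inserted into the chain that defines `current_user` changes which implementation is reached, so a refactor elsewhere can turn this into a NoMethodError or a different user source. Give the session lookup a name instead, for example `alias_method :session_user, :current_user` placed above the override in `RestfulController`, and write `token_user || doorkeeper_user || session_user` here. A comment should also state that this is the one API controller that accepts the login cookie and that it relies on the `protect_from_forgery` call at the top of the class.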

Request new API Token

+ <%= form.text_field :description, placeholder: "Token description..." %>
+ <%= form.submit %>
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 1eae4b96..f2850c81 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -89,6 +89,8 @@ Metamaps::Application.routes.draw do
 end
 end
+ resources :tokens, only: [:new]
+
 devise_for :users, skip: :sessions, controllers: { registrations: 'users/registrations', passwords: 'users/passwords',