We actually have identities for non-human accounts like AD service accounts or bots, so it was actually kinda straight-forward to provision it the correct access then generate a token for it.
You’re right though, we don’t necessarily want anonymous access requests being created externally, which is why we generated a PAT for our ServiceNow service account in AD.
I’ve had an issue specifically with this API endpoint permission because I wanted a token generated for PowerBI to be able to read access requests for other users. Since it can’t, I had to re-use my ServiceNow ORG_ADMIN credentials for Power BI