Let admins grant new permissions or endpoint scopes to an existing API token in place, without generating a replacement token. Today, when new API endpoints or permission scopes are released, an existing token can't pick them up, so teams have to create a brand-new token and swap it everywhere it's used.
For service and agent integrations that authenticate with a static key (where an interactive OAuth flow isn't an option), this swap is expensive: it means a change request to the third-party vendor holding the token, their development and sequencing time, and an SLA wait, every time a scope is added. In-place scope updates would remove the rotation cycle and let integrations gain access to newly released endpoints without downtime or vendor turnaround.