I need to create "tokens" for users to send when they make calls to my API. My question is, what should I do to go about generating these tokens?
I should mention that I'm currently using modules such as everyauth and passport for authentication middleware, incase they include anything to help with this.
The typical way to issue tokens is using OAuth 2.0. OAuth2orize is a sibling project of Passport that provides a toolkit for implementing OAuth 2.0 authorization servers.
Although, based on your comment "They would be per session and they would not be given to third parties", I'm not sure what your use case is. How do you define a "session" outside of a browser context. And if this is in-browser, your best off using the built-in session support provided by Express.