Tokens are generated based on time so in theory there are no API calls happening.
If the token generation fails due to time de-sync (your computer clock could be set to an inaccurate time), it seems the activity will try to do a simple http/GET to try and get a timestamp that is reliable, but that’s pretty much it.
TL;DR: if your computer clock is accurate enough (no more than a couple minutes off) there are no external API calls.