I solved this for django-tokenauth[1] by making the token short and easy for humans to type in. Depending on how many tokens you have in flight at once, you can use very few digits.
Have you decided upon a minimum entropy level for the low digit tokens that prevents brute force attacks being feasible? I think easy to type in is something you can do with longer tokens, so long as it's readable as a sentence. "1676226" is harder to type in than "TotallyAgreeableCatPants" for example.