Not sure what you mean here? Are you adding a second domain (not a subdomain) to the account? Or is this an account for a dedyn.io subdomain you are talking about? In any case accounts contain domains, not subdomains.
AFAIK tokens by default allow access to any domain of the account. For example, lets say you have two domains configured in your account:
domain1.com and domain2.com
You have a token with value: XXXXXXXXXX
You can get all RRs of domain1.com using e.g.:
curl --url 'https://desec.io/api/v1/domains/domain1.com/rrsets/' --header 'Authorization: Token XXXXXXXXXX'
and similar with the same token for domain2.com:
curl --url 'https://desec.io/api/v1/domains/domain2.com/rrsets/' --header 'Authorization: Token XXXXXXXXXX'
But you might be able to limit ´the scope of individual tokens. See Token Scoping: Domain Policies. If you limit the scope of one token, other tokens should not be affected.
HTH
fiwswe