Tokens are only relevant for hosted endpoints. Token
/api/signin, require a token.
Tokens are tied to specific accounts, and have access to all ledgers in those accounts. In previous versions, there were tokens for specific ledgers. This is no longer the case.
Tokens are retrieved via the api/signin endpoint. These tokens give you access to retrieve a list all the ledgers in an account, as well as full query, transaction, and logs viewing permission for all of the ledgers in an account.