Tokens grant the holder of them certain privileges.
There are three different types of token and each needs to be managed carefully.
A site token identifies your site with DID. This token is not secret and can be safely used in the front end.
An API token is used to authenticate requests to the DID API. This must be stored securely and used only on the server.
These tokens are generated by a client when they authenticate. They are single use.