Authentication is the mechanism of identifying/verifies a user during an incoming request.
Authentication gives us some advanced behavior like:
* Restriction on create, update or delete
* Unauthenticated requests should have read-only access.
* Adding throttling policies
The token authentication works by exchanging username and password for a token that will be used
in all subsequent requests so to identify the user on the server side.
Token authentication is suitable for client-server applications, where the token is safely stored.
You should never expose your token, as it would be (sort of) equivalent of a handing out your username and password.