Tokens grant the holder of them certain privileges.
There are three different types of token and each needs to be managed carefully.
A site token identifies your site with Kno. This token is not secret and can be safely used in the front end.
An API token is used to authenticate requests to the Kno API. This must be stored securely and used only on the server.
These tokens are generated by a client when they authenticate. They are single use.