The AJAX API Authorization token is used both by the Onyx Player API and the legacy AJAX API for access control.

You can create tokens using the Console under Settings > API. (Requires Administrator privileges.)

It is possible to restrict the auth token to a specific IP address and to specify read or write permissions.

(Using the XML-RPC API call getAjaxAuth() it's also possible to create tokens that expire after a specified number of seconds.)