The AJAX API Authorization token is used both by the Onyx Player API and the legacy AJAX API for access control.
You can create tokens using the Console under Settings > API. (Requires Administrator privileges.)
It is possible to restrict the auth token to a specific IP address and to specify read or write permissions.
(Using the XML-RPC API call getAjaxAuth() it's also possible to create tokens that expire after a specified number of seconds.)