You can think of a token as a one-time password. It is similar to two-factor authorization, only not carried out by a human, but by the program. Not all e-commerce partners work with tokens. Therefore this is part of the configuration.