An access token is a unique string of characters that serves as a credential, granting permission to access specific resources or perform certain actions within a system. It acts as a key, verifying the identity of the user or application attempting to interact with the system's APIs or services. Access tokens are commonly used in authentication mechanisms to ensure that only authorized entities can access protected resources.

Access tokens are typically generated by the API provider and are usually associated with a set of permissions or access rights that determine what the user or application can do with the API. These tokens are usually passed as a parameter in the API request and are used by the API to determine if the user or application is authorized to access the requested resources.

For example, in case of LocationIQ, an access token is particularly vital for accessing geocoding, routing, map and other APIs. LocationIQ's platform validates the identity and allows inclusion of trusted HTTP and IP Refferrers in advance. Here's a quick post on how LocationIQ's Access Tokens can be used to secure a public deployment.