To use token-based authentication, you need to generate a key  in Apple developer member center. Keys/tokens has two benefits over certificates:
- Keys are tied to a developer account, not to a specific app. A token-based connection to the HTTPS/2 API can be used to send push notifications to all your apps.
- Keys don't expire. But you are required to regenerate tokens within the hour.
If you manage your own push provider infrastructure, using tokens can be very helpful.
Refer to Apple doc on Communicating with APNs for details.
 It can be slightly confusing. "Key" is actually a certificate too.