I like this post a lot. It not only describes the use of tokens. It also back its assertions with detailed explanations.
However, I’d love to read in topic #3 an explanation how the token, considered as a private key, is used similarly to API keys. The link that is given in the post simply describes what is a private key, which is off-topic.