The authentication token is a string you define to refer to a set of channel permissions. So you don't really "get the token", you define it.
You can use a unique token for each user (e.g. using the user id in your app's context as the token) or a simply use generic token and share it with a group of users (e.g. registered_users or guests).
Before a token can be used you need to authenticate it using your Realtime subscription private key and the REST API authenticate endpoint.
When you authenticate a token you also pass along a set of channel permissions (read and read/write). The read permission only allows the user to subscribe the channel (to get messages) and a write permission allows the user to subscribe and also send messages through the channel.
You can learn more about the authentication process at http://messaging-public.realtime.co/documentation/starting-guide/security.html