To get any non-public data or modify anything, you need to authenticate your API calls as an administrator.
The method AuthToken.create is used to create a new persistent authentication token. They may only be created from a session that is authenticated via Admin.login. These authentication tokens MUST be handled with great care since they will grant ANYONE, ANYWHERE, AT ANY TIME who has access to one adminstrator rights to your webshop.
To get a temporary authentication token, use Admin.login with your administrator account. This token has a lifespan of 24 hours. The temporary token should not be used for integrations against other applications. For this purpose, instead use the persistent authentication tokens.
Both of these tokens can then be used in the "auth" Context parameters to gain administrator authentication.
To authenticate yourself as a customer in a webshop you should use Customer.login.