When you go to generate a REST API token, depending on your level of rights, you may see the following choices on your screen:

The difference is as follows:

• REST Access will generate a token that will allow you to programmatically communicate with Paxata.  The token is linked to a user account on a specific tenant. If you have RemoteAccess to multiple tenants, you would generate a REST token for each tenant. The alternative is when you do make programatic calls to the tenant, you will be forced to enter your user credentials & tenant ID into the programatic call. 
• Tenant Authorization will allow temporary access to a REST Token on a tenant that a user does not have an account for.  This is a way to allow the user to access a different tenant in a limited manner without having to provision or revoke an entirely new user account.

The Tenant Authorization tokens have a single use and will expire after 48 hours. REST API tokens do not expire and can be reused multiple times.