Generate a session token used to authenticate a subset of API calls for use by merchant client apps. An authentication bearer token is required to retrieve a session token. The session token is intended to be used by client apps which merchants do not have exclusive control over (ie. mobile devices, etc). The session token is short-lived (ie. 15 minutes) and will require a new token to be used by the api upon expiry.