A client token is a signed data blob that includes configuration and authorization information required by the Braintree client SDK. These should not be reused; a new client token should be generated for each request that's sent to Braintree. For security, we will revoke client tokens if they are reused excessively within a short time period.
Your server is responsible for generating the client token, which contains all of the necessary configuration information to set up the client SDKs. When your server provides a client token to your client, it authenticates the application to communicate directly to Braintree.
Your client is responsible for obtaining the client token from your server and initializing the client SDK. If this succeeds, the client will generate a payment method nonce.