A reference token (identity token) would be created when the user is trying to get the token created through the user profile page in UI as the "include_reference_token" parameter is always set to true. To create reference tokens through the REST API, you may add the "include_reference_token=true" parameter as mentioned in the below REST API command.
Example:
suhasc@suhasc-mac ~ % curl -XPOST -H "Authorization: Bearer XXX" http://XXX/access/api/v1/tokens -d "scope=applied-permissions/user" -d "username=suhas" Output: { "token_id" : "9f9cab95-dc73-4d29-5645-87506de8b7ad", "access_token" : "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiI0N0o3T01IeVZrYkEtcjdXZjMtZGtfNFNydUlnSkhmVUNIZHIwTFJ6RV8wIn0.eyJzdWIiOiJqZmFjQDAxaGE2M3pkeDN6M [...] QwmAimlegPCVjCuW8RknK6YuckIX1KTmMFU4V2Rp0-NS9X2sUvIoFY5A7xpPc6f2nHtq-QuqNBNz_NVgx4jXKZb29JEDEg8v37Cf6c4J-vYBXGvmdCOijKdth6g84XsviYZy0811GVqKZk99qe36hFsNQ", "expires_in" : 31536000, "scope" : "applied-permissions/user", "token_type" : "Bearer" }%
suhasc@suhasc-mac ~ % curl -XPOST -H "Authorization: Bearer XXX" http://XXX/access/api/v1/tokens -d "scope=applied-permissions/user" -d "username=suhas" -d "include_reference_token=true" Output: { "token_id" : "282f0ace-59aa-6876-af9a-bd3ab9bc3a28", "access_token" : "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiI0N0o3T01IeVZrYkEtcjdXZjMtZGtfNFNydUlnSkhmVUNIZHIwTFJ6RV8wIn0.eyJzdWIiOiJqZmFjQDAxaGE2M3pkeDN6MGg2MWp6NnRtczcxZmVlL3VzZXJzL3N1aGFzIiwic2NwIjoiYXBwbGllZC1wZXJtaXNzaW9ucy [...] zaoJyaUk30ow1aO9KwoGlGul2R33WGjNud5wmvs8tehIE1zxsj6TtvcWMyRwAfXo8x9Fiokayq3g1xvhDXhw-MJGWZy_030T6ERy_dNWNNFnqHcF42cwdB3rdeLHmGEwHqq-HBSjiy4AoXxudSVDg", "expires_in" : 31536000, "scope" : "applied-permissions/user", "token_type" : "Bearer", "reference_token" : "cmVmdGtuOjAxOjE[....]JObzhmbmc3QVNDenYwcU5k" }