Where are you looking at this URL?
If the service is secured (not shared with everyone), accessing it will require a token. This is what gives access to the service. For hosted services, if you are signed in, this token is passed automatically. However, sometimes you can see the token as part of the URL.
Having said that, you never want to share the URL to your rest service with a token, or add it to a web map via URL that way. This is because tokens are short lived and expire and the URL will quickly be invalid. Each client application can get their own token by forcing the user to sign in.
Mike