How is it possible that the token has a different value when it is called from a snippet in a resource and when it is from an ajax call in the same resource?
The token is session based, so perhaps the Ajax request is somehow seen as a different session. Perhaps it’s running a different context or isn’t providing the cookie values (withCredentials)?
The term ‘key’ in the docs is meant literally. It’s asking MODX for the ‘key’ of the current context, so MODX would return ‘web’ if that’s the current context. In other words, these are both correct and should work: