Access token conversion

US12526262B2 · US · B2

Patent metadata
Publication number: US-12526262-B2
Application number: US-202117516410-A
Country: US
Kind code: B2
Filing date: Nov 1, 2021
Priority date: Nov 1, 2021
Publication date: Jan 13, 2026
Grant date: Jan 13, 2026

Abstract

Official abstract text for this publication.

In some embodiments, apparatuses and methods are provided herein useful for access token conversion. The system comprises a first application programming interface (API) backend using a first authentication service based on a first tokenization protocol and a second API backend using a second authentication service based on a second tokenization protocol. The second authentication service is configured to receive, from a user device, a call to the second API backend with a first token associated with the first authentication service, convert the first token to a first converted token based on the second tokenization protocol, and forward the first converted token to the user device for use in subsequent calls to the second API backend.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for authentication token conversion comprising: a non-transitory storage medium storing a set of computer-readable instructions; and a control circuit configured to execute the computer-readable instructions which cause the control circuit to: receive a first call from a first application programming interface (API) backend using a first authentication service based on a first tokenization protocol, the first authentication service being configured to: serve a plurality of in-store point of sale terminals; and implement a physical channel authentication policy, wherein the physical channel authentication policy includes requirements for one or more tiers of step-up authentication; receive, from a user device, a second call to a second API backend with a first token associated with the first authentication service, wherein the second API backend uses a second authentication service based on a second tokenization protocol, the second authentication service being configured to: serve a plurality of user devices accessing an e-commerce service; and implement an e-commerce channel authentication policy wherein the e-commerce channel authentication policy includes requirements for one or more tiers of step-up authentication; convert the first token to a first converted token based on the second tokenization protocol; determine whether the first converted token is associated with a valid session initiated through the first authentication service; permit access to the second API backend based upon the determination that the first converted token is associated with the valid session initiated through the first authentication service; store, in a token mapping database, an association between the first token, first converted token, and session data; apply a token validity period to the first converted token, wherein the token validity period is a predefined timeout period; forward the first converted token to the user device for use in subsequent calls to the second API backend; and in response to an expiration of the predefined timeout period, or termination of the session, revoke the first converted token.

2. The system of claim 1, wherein the first token is a stay-signed-in (KMSI) token for accessing a website.

3. The system of claim 1, wherein the first authentication service and the second authentication service validate user credentials based on a same user credential database.

4. The system of claim 1, wherein the second API backend is configured to: receive a second token associated with the second tokenization protocol in a second call; and respond to the second call based on the second token.

5. The system of claim 1, wherein the second authentication service is further configured to determine whether to convert a received token based on whether the first API backend is called or the second API backend is called, and whether the received token is associated with the first authentication service or the second authentication service.

6. The system of claim 1, wherein the first authentication service is configured to: receive a call, from a second user device, to the first API backend with a second token associated with the second authentication service; convert the second token to a second converted token based on the first tokenization protocol; and forward the second converted token to the second user device for use in subsequent calls to the second API backend.

7. The system of claim 1, wherein the first authentication service is further configured to: determine whether the second tokenization protocol is recognized at the first API backend; receive a call to the first API backend with a second token associated with the second authentication service; and authenticate the second token with the second authentication service in response to the second tokenization protocol being recognized at the first API backend, wherein the first API backend responds to the call based on the second token.

8. The system of claim 1, wherein an association between the first token and the first converted token is stored in a token conversion database.

9. The system of claim 1, wherein the second authentication service is further configured to determine whether the first token has expired prior to converting the first token to the first converted token.

10. The system of claim 1, wherein the second authentication service is further configured to: receive a second call without a token or with an expired token; and redirect the second call to a login page.

11. A method for authentication token conversion, the method comprises: providing, to a user device, a first token from a first application programming interface (API) backend using a first authentication service based on a first tokenization protocol, wherein the first authentication service is configured to: serve a plurality of in-store point of sale terminals; and implement a physical channel authentication policy, wherein the physical channel authentication policy includes requirements for one or more tiers of step-up authentication; receiving, from the user device, a call to a second API backend with the first token, the second API backend using a second authentication service based on a second tokenization protocol, wherein the second authentication service is configured to: serve a plurality of user devices accessing an e-commerce service; and implement an e-commerce channel authentication policy wherein the e-commerce channel authentication policy includes requirements for one or more tiers of step-up authentication; converting, with the second authentication service, the first token to a first converted token based on the second tokenization protocol; determining whether the first converted token is associated with a valid session initiated through the first authentication service; permitting access to the second API backend based upon the determination that the first converted token is associated with the valid session initiated through the first authentication service; storing, in a token mapping database, an association between the first token, first converted token, and session data; applying a token validity period to the first converted token, wherein the token validity period is a predefined timeout period; forwarding the first converted token to the user device for use in subsequent calls to the second API backend; and in response to an expiration of the predefined timeout period, or termination of the session, revoke the first converted token.

12. The method of claim 11, wherein the first token is a stay-signed-in (KMSI) token for accessing a website.

13. The method of claim 11, wherein the first authentication service and the second authentication service validate user credentials based on a same user credential database.

14. The method of claim 11, further comprising: receiving, at the second authentication service, a second token associated with the second tokenization protocol in a second call; and responding, with the second API backend, to the second call based on the second token.

15. The method of claim 11, wherein the second authentication service is further configured to determine whether to convert a received token based on whether the first API backend is called or the second API backend is called, and whether the received token is associated with the first authentication service or the second authentication service.

16. The method of claim 11, further comprising: receiving a call,
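An added sketch (not code from the patent or its assignee) of the lifecycle claim 1 recites: check the first token's session, issue a converted token, record the association, apply a timeout, and revoke on timeout or session end. Class, field and token names are hypothetical, and an opaque random value stands in for the second tokenization protocol.

```python
import secrets
import time

# Constructed sample of the first authentication service's session store.
SAMPLE = {"pos-tok-1": {"session_id": "s1", "active": True, "expires_at": 5000.0}}

class TokenConverter:
    """Stand-in for the second authentication service (all names hypothetical)."""

    def __init__(self, first_sessions, ttl_seconds, clock=time.time):
        self.first_sessions = first_sessions  # first token -> session record
        self.ttl = ttl_seconds                # predefined timeout period
        self.clock = clock
        self.mapping = {}                     # token mapping database

    def _live_session(self, first_token):
        s = self.first_sessions.get(first_token)
        if s and s["active"] and s["expires_at"] > self.clock():
            return s
        return None

    def convert(self, first_token):
        session = self._live_session(first_token)
        if session is None:
            return None  # missing or expired token: caller redirects to login
        # Assumption: an opaque random value stands in for the second protocol's token.
        converted = secrets.token_urlsafe(32)
        self.mapping[converted] = {
            "first_token": first_token,
            "session_id": session["session_id"],
            "expires_at": self.clock() + self.ttl,
        }
        return converted

    def authorize(self, converted):
        rec = self.mapping.get(converted)
        if rec is None:
            return False
        timed_out = self.clock() >= rec["expires_at"]
        if timed_out or self._live_session(rec["first_token"]) is None:
            del self.mapping[converted]  # revoke on timeout or ended session
            return False
        return True

    def end_session(self, session_id):
        stale = [t for t, r in self.mapping.items() if r["session_id"] == session_id]
        for token in stale:
            del self.mapping[token]
        return len(stale)
```

Because `authorize` re-checks the originating session on every call, a converted token stops working as soon as the first service's session ends, even if its own timeout has not yet elapsed.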

Classifications

  • involving authentication
  • Identity check for transactions
  • for controlling access to devices or network resources
  • for managing network security; network security policies in general (filtering policies H04L63/0227)
  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Walmart Apollo Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 13, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).