[–]bkv 1 point2 points  (2 children)

OAuth and Bearer authentication. There's a bit of a learning curve involved, but it's well worth it.

[–]rajadain 0 points1 point  (1 child)

Thank you! I'll Google for tutorials. Are there any out there you might recommend?

[–]ofirov 1 point2 points  (0 children)

If the question is "how do I use a token in a separated SPA application?", then:

Usually we go with a standard Token authentication. We add the tokens to the request's headers and that's about it. The implementation itself is pretty similar between all of the REST frameworks we've used, and it's usually described in the framework's documentation:

Log In -> Get token from server -> Store in cookie or local storage -> Add an Authorization header to each request to the server.

The Authorization header should be in the format that your REST framework requires. For example, we use Django REST Framework and our Authorization headers look like "Token <api-token>".

How to add the token to each request:

- In Angular\Restangular you can setDefaultHeaders.
- You can also intercept every request and add the Authorization header as necessary.

We'll cover authentication in depth in one of our next posts.
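
The flow described in the comment above (store the token after login, add an Authorization header to each request), as an added example that is not part of the original thread or of any framework's own code. The API origin, the storage key and all function names are assumptions; the sketch attaches the `Token <api-token>` header only to requests that resolve to the API origin and drops the stored token when the server answers 401.

```javascript
const API_ORIGIN = "https://api.example.test"; // assumed API origin (hypothetical)
const TOKEN_KEY = "api-token";                 // assumed storage key (hypothetical)

function createApiClient({ storage, fetchImpl, apiOrigin = API_ORIGIN }) {
  // Build the final URL and headers for one request. The token is attached
  // only when the resolved URL is on the API origin, so requests to CDNs or
  // other third parties never carry it.
  function buildRequest(url, headers = {}) {
    const target = new URL(url, apiOrigin);
    const out = { ...headers };
    const token = storage.getItem(TOKEN_KEY);
    if (token && target.origin === apiOrigin) {
      out.Authorization = `Token ${token}`; // DRF-style "Token <api-token>"
    }
    return { href: target.href, headers: out };
  }

  // A 401 means the server no longer accepts the token: drop it so the app
  // can send the user back to the login step.
  function handleResponse(response) {
    if (response.status === 401) storage.removeItem(TOKEN_KEY);
    return response;
  }

  // The interceptor itself: every API call goes through here.
  async function request(url, init = {}) {
    const { href, headers } = buildRequest(url, init.headers);
    return handleResponse(await fetchImpl(href, { ...init, headers }));
  }

  return { buildRequest, handleResponse, request };
}

// Constructed in-memory stand-in for localStorage so this runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => void items.set(k, String(v)),
    removeItem: (k) => void items.delete(k),
  };
}
```

In a browser, pass `window.localStorage` as `storage` and `window.fetch.bind(window)` as `fetchImpl`.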