Andy Balaam explains how we add authentication via a security token stored in a cookie to our REST API. Slides, code and more details: http://www.artificialworlds.net/blog/2014/04/29/token-based-security-in-a-rest-api/