This can be accomplished by calling this API:
/Help/Api/POST-api-Account

This can be accomplished by passing a Authorization "Token" Header in each request.
An example of this is shown below (using chrome plugin "Postman").

You always need to use https for production use.
If you transmit a token as plaintext, anyone can intercept it and get access to the protected resource.

Will support more universal Oauth 2.0 Bearer Tokens, eg: see related article
This is not supported currently because it requires the single sign on system to be upgraded to use ASP.NET Identity