Since exposed service is stateless, authentication "sessionToken" has to be passed as a parameter to each operation. Client can obtain authentication sessionToken by calling "login" operation.