Augusto,
You can generate the token in php and return it to the success of the login and then proceed to inform it on all other requests.
Normally, requests per API do request-based authentication checking, and this depends on their logic and on downtime.
For example, if you do not expire the user in the app until it logs out, you can create a user relationship table with session. And store the token in this table. Whenever you find the user in this table it is logged in. And to unplug it, just delete the registry.
If you will use 100% webview, you can store client data in the javascript session.
Something like this:
window.sessionStorage.setItem("token", "meutoken")
To recover:
window.sessionStorage.getItem("token")
Additionally ...
Assuming also that you have jQuery loaded and the token is in the header Authorization
you can set all requests as default
$.ajaxSetup({
headers: { 'Authorization': window.sessionStorage.getItem("token") }
});