Can I exchange a Session Token retrieved via Primary Authentication for an Authorization Code?

Supplying the sessionToken should be enough. Keep in mind that this is an ephemeral token and has a finite lifetime. Did you try walking through the steps in that article exactly how it's written? Are you able to include a sessionToken in an /authorize call made in a browser without needing to log in?