Jezz Santos:
So, more specifically what I am looking for is implmentation patterns involving ServiceStack.
Angular makes the suggestion for the channel mechanism (only) by which the data can be passed (i.e. XSRF-TOKEN).
But it makes no recommendation as to when and how the token is first created, and persisted/updated by client (presuming thatthe API will continuously create new tokens over time for the client to use for each POST/PUT/DELETE)
So, I was looking at strategies people have used to add this CSRF aspect to their solutions.
(The discussion was meant to weigh up different options, since there seems to be no standard ways to do this yet. At least no one seems to have shared theirs yet)