Demo: dojo/request/xhr Headers

Use dojo/request.post to validate a username and password. In this case, a valid password is the reverse of the username.
After, the Auth-Token is then retrieved from the promise.response.