Methods, systems, and devices for application-specific session authentication are described. In some systems, a host server may authenticate a single-page application utilizing token-based verification. For example, a user device running the single-page application embedded within a container webpage may transmit a resource request including a session-identifying token to the host server. The host server may identify whether the session-identifying token is included in the resource request from the single-page application in order to determine whether to grant resource access for the request. If the request includes the token, the host server may determine that the request is from the single-page application, and may transmit the requested resources to the user device to load or update the embedded application. Using the token-based scheme, the host server may grant access to requests from the specific application, while restricting resource access to any requests received from other entities of the user device.