Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

i have an api that lets users perform text-to-speech. A new user is given 10 credits for this api call. Lets say I use ory.sh to authenticate and get a session object, what parameter do i need to pass to backend api to identify the user? I shouldn’t just pass in the identity.id right? Do I pass in the session id? And how do i know which identity id the session id belongs to on my backend?

Hi <@U05EJH95WUS>

Please take a look at this document <https://www.ory.sh/docs/identities/sign-in/check-session-token-cookie-api>

Your backend will pass along the session cookie to Ory and verify the validity of the session. Within the Session is the identity ID.

so based on the example docs, the backend passes all values on the cookie.  this is alright? i’ll give it a try i guess.
```  const session = await ory
    .toSession({
      cookie: req.cookies.join("; "),
      xSessionToken: sessionToken,
    })
    .catch((err) =&gt; {
      // Check the error to see if it's a 401 / 403 -&gt; not logged in
    })```

~actually, im using python for the backend, is there a way to do this properly with curl? The docs dont have any curl/python examples~