Based on the provided knowledge sources, it appears that many operations in the Ory Keto API do not require authentication. This includes operations such as

checkOplSyntax

,

checkPermissionOrError

,

checkPermission

,

postCheckPermissionOrError

,

postCheckPermission

,

batchCheckPermission

, and

expandPermissions

. However, it's important to note that the APIs of Ory open-source Servers don't come with integrated access control. This means that all requests sent to their APIs are considered authenticated, authorized, and will be executed. To protect access to their APIs, it's recommended to use Ory Oathkeeper or a comparable API Gateway. For checking an authentication token, the Ory Session Token can be checked at the

<http://127.0.0.1/sessions/whoami>

endpoint. Here is an example of how to do it:

bash curl -s -H "Authorization: Bearer svX8bE9HTiVpMr7r55TtKtcOkLRhAq1a" \     <https://playground.projects.oryapis.com/sessions/whoami> | jq

This will return a JSON object with details about the session, including the session ID, whether the session is active, and when it was authenticated and issued. Sources: - [Ory Keto API Reference](https://www.ory.sh/docs/keto/reference/rest-api) - [Ory API Access Control](https://www.ory.sh/docs/self-hosted/operations/api-access-control) - [Ory Kratos User Login](https://www.ory.sh/docs/kratos/self-service/flows/user-login#api-clients)

Based on the provided knowledge sources, there is no direct information about using TLS certificates for authentication with the self-hosted Ory Keto server. However, in the context of Ory's ecosystem, TLS certificates are generally used for securing the communication between the server and the client, not for client authentication. For example, in Ory Hydra, you can use self-signed TLS certificates to secure the communication, but the client authentication is typically handled through OAuth 2.0 protocol. For SMTP server in Ory Kratos, certificate-based authentication can be configured by specifying the client certificate and client private key paths in the configuration file. Here is an example of how to do it:

yaml # kratos -c path/to/my/kratos/config.yml serve   courier:     smtp:       client_cert_path: /somepath/client.cert       client_key_path: /somepath/client.key

Sources: - [Ory Hydra SSL/TLS, HTTPS, self-signed certificates](https://www.ory.sh/docs/hydra/self-hosted/ssl-https-tls) - [Ory Kratos Certificate-based authentication](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted#certificate-based-authentication)

New message text here