According to this text: "The frontend sends the access token for each API call that requires session authentication. These API calls verify the access token and its expiry. If verification fails, the API throws a session expired error, else, execution continues." Won't by backend API need to communicate with Core for verification of access token each time?