@User validating a logged in user is done via the

Session.verifySession()

function in your APIs.