Verify Session Use @supertokens_middleware supertokens_middleware(enable_csrf_protection) All APIs that require a valid session must use this middleware. If enable_csrf_protection is None, CSRF protection will be applied to all non-GET and non-OPTIONS APIs automatically. If successful, it will create a session object that can be accessed via flask.g.supertokens. This uses the get_session() function. Example from supertokens_flask import supertokens_middleware from flask import jsonify, g @app.route('/info') @supertokens_middleware(True) def info(): return jsonify({'userId': g.supertokens.get_user_id()})