> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hanko.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Integrate Hanko with a Python backend

<div class="hidden">
  **Hanko Backend Integration Guide**:

  **About Hanko**:

  Hanko is a modern open source authentication solution and the fastest way you integrate passkeys, 2FA, SSO, and more—with full control over your data. Move between self-hosted and Hanko Cloud anytime. No lock-in. Just Auth how it should be: secure, user friendly, and fully yours.

  **What This Guide Covers**: This guide demonstrates how to validate Hanko session tokens in your backend application. You'll learn to implement session validation, create middleware for protecting endpoints, and authenticate requests using Hanko's session management APIs.

  **Key Technologies**:

  * Server-side programming language
  * HTTP client libraries
  * Middleware frameworks
  * JSON handling
  * Hanko session validation API

  **Prerequisites**:

  * Knowledge of your chosen backend language and framework
  * Hanko Cloud account (sign up at cloud.hanko.io)
  * Frontend application with Hanko authentication

  **Integration Tasks You'll Complete**:

  * Set up Hanko API URL configuration from environment variables
  * Implement session token validation using proper data structures
  * Create reusable middleware or utilities for protecting API endpoints
  * Handle session validation responses, errors, and edge cases
  * Extract session tokens from HTTP cookies securely
  * Build authentication utilities that integrate with your application architecture
  * Implement comprehensive error handling and logging for production use
</div>

After successful authentication, Hanko generates a session token that is stored as a cookie. Use the session token to authenticate requests to your backend. This guide shows how to implement session token validation in Python to ensure that only authenticated users can access your application's protected resources.

### Get the Hanko API URL

Retrieve the API URL from the [Hanko Console](https://cloud.hanko.io/).

<Note>
  If you are self-hosting Hanko you need to provide your own URL.
</Note>

### Steps to authenticate requests

1. Retrieve the Session Token.

2. Verify the Session token using the Hanko [Validate](/api-reference/public/session-management/validate-a-session-1) API endpoint.

### Session token validation function

The following function validates session tokens against the Hanko backend. The implementation for retrieving the session token cookie will vary depending on your framework.

```python theme={null}
def validate_session_token(token: str) -> Tuple[bool, Optional[str]]:
    """
    Validates a session token with the Hanko API.
    Returns a tuple of (is_valid: bool, error_message: Optional[str])
    """
    try:
        response = requests.post(
            f"{HANKO_API_URL}/sessions/validate",
            json={"session_token": token}
        )

        if response.status_code != 200:
            return False, "Invalid token"

        validation_data = response.json()
        if not validation_data.get("is_valid", False):
            return False, "Invalid token"

        return True, None

    except requests.Timeout:
        return False, "Authentication service timeout"
    except requests.RequestException:
        return False, "Authentication service unavailable"
```
