Regrouped API calls for better organization and to add a bit more security. It now checks to make sure the incoming token matches the current session to authorize requests.