diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.ts
similarity index 84%
rename from src/api/endpoints/auth/accept.js
rename to src/api/endpoints/auth/accept.ts
index 1c0b100948..2c104ef1c6 100644
--- a/src/api/endpoints/auth/accept.js
+++ b/src/api/endpoints/auth/accept.ts
@@ -5,6 +5,7 @@
  */
 import rndstr from 'rndstr';
 const crypto = require('crypto');
+import it from '../../it';
 import App from '../../models/app';
 import AuthSess from '../../models/auth-session';
 import AccessToken from '../../models/access-token';
@@ -43,21 +44,19 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'token' parameter
-	const sesstoken = params.token;
-	if (sesstoken == null) {
-		return rej('token is required');
-	}
+	const [token, tokenErr] = it(params.token).expect.string().required().qed();
+	if (tokenErr) return rej('invalid token param');
 
 	// Fetch token
 	const session = await AuthSess
-		.findOne({ token: sesstoken });
+		.findOne({ token: token });
 
 	if (session === null) {
 		return rej('session not found');
 	}
 
 	// Generate access token
-	const token = rndstr('a-zA-Z0-9', 32);
+	const accessToken = rndstr('a-zA-Z0-9', 32);
 
 	// Fetch exist access token
 	const exist = await AccessToken.findOne({
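Review bot: The renamed `accessToken` is a bearer credential, and the `rndstr('a-zA-Z0-9', 32)` line that produces it does not show where its randomness comes from. If rndstr is backed by `Math.random` (worth checking in the package), the value is not suitable as a secret. `crypto` is already required at the top of this file, so the line could become `const accessToken = crypto.randomBytes(16).toString('hex');`, which keeps the 32-character length and draws 128 bits from the OS CSPRNG. The alphabet changes to hex, so confirm nothing downstream depends on the mixed-case form. The handler body continues outside this hunk.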
@@ -73,7 +72,7 @@ module.exports = (params, user) =>
 
 		// Generate Hash
 		const sha256 = crypto.createHash('sha256');
-		sha256.update(token + app.secret);
+		sha256.update(accessToken + app.secret);
 		const hash = sha256.digest('hex');
 
 		// Insert access token doc
@@ -81,7 +80,7 @@ module.exports = (params, user) =>
 			created_at: new Date(),
 			app_id: session.app_id,
 			user_id: user._id,
-			token: token,
+			token: accessToken,
 			hash: hash
 		});
 	}
diff --git a/src/api/endpoints/auth/session/generate.js b/src/api/endpoints/auth/session/generate.ts
similarity index 89%
rename from src/api/endpoints/auth/session/generate.js
rename to src/api/endpoints/auth/session/generate.ts
index cf75b83e2d..6e730123c1 100644
--- a/src/api/endpoints/auth/session/generate.js
+++ b/src/api/endpoints/auth/session/generate.ts
@@ -4,6 +4,7 @@
  * Module dependencies
  */
 import * as uuid from 'uuid';
+import it from '../../../it';
 import App from '../../../models/app';
 import AuthSess from '../../../models/auth-session';
 import config from '../../../../conf';
@@ -49,10 +50,8 @@ module.exports = (params) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'app_secret' parameter
-	const appSecret = params.app_secret;
-	if (appSecret == null) {
-		return rej('app_secret is required');
-	}
+	const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
+	if (appSecretErr) return rej('invalid app_secret param');
 
 	// Lookup app
 	const app = await App.findOne({
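Review bot: The `it(params.app_secret).expect.string().required().qed()` line does security work that the comment above it (`// Get 'app_secret' parameter`) does not mention. The old `== null` check let any non-null JSON value through, and the value appears to feed the `App.findOne` filter that starts on the last line of the hunk. I would add a comment such as `// Must be a string: a non-string value would reach the query filter as-is` so the type check is not relaxed later. The same applies to the `token` checks in accept.ts and session/show.ts and to both checks in session/userkey.ts. The findOne call is cut off by the hunk, so how the value is used in the filter is inferred.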
diff --git a/src/api/endpoints/auth/session/show.js b/src/api/endpoints/auth/session/show.ts
similarity index 91%
rename from src/api/endpoints/auth/session/show.js
rename to src/api/endpoints/auth/session/show.ts
index 425c980d9d..55641929d8 100644
--- a/src/api/endpoints/auth/session/show.js
+++ b/src/api/endpoints/auth/session/show.ts
@@ -3,6 +3,7 @@
 /**
  * Module dependencies
  */
+import it from '../../../it';
 import AuthSess from '../../../models/auth-session';
 import serialize from '../../../serializers/auth-session';
 
@@ -57,10 +58,8 @@ module.exports = (params, user) =>
 	new Promise(async (res, rej) =>
 {
 	// Get 'token' parameter
-	const token = params.token;
-	if (token == null) {
-		return rej('token is required');
-	}
+	const [token, tokenErr] = it(params.token).expect.string().required().qed();
+	if (tokenErr) return rej('invalid token param');
 
 	// Lookup session
 	const session = await AuthSess.findOne({
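Review bot: The `await AuthSess.findOne(` at the end of this hunk runs inside `new Promise(async (res, rej) => …)`, so if the lookup rejects (database error, dropped connection) neither `res` nor `rej` is called. The request then never settles and the failure surfaces only as an unhandled rejection. Exporting an async function would let such errors propagate to the caller, for example `module.exports = async (params, user) => {` with `if (tokenErr) throw 'invalid token param';` in place of the `rej` call. accept.ts, session/generate.ts and session/userkey.ts use the same wrapper. The rest of the handler is outside the hunk, so a try/catch further down cannot be ruled out.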
diff --git a/src/api/endpoints/auth/session/userkey.js b/src/api/endpoints/auth/session/userkey.ts
similarity index 87%
rename from src/api/endpoints/auth/session/userkey.js
rename to src/api/endpoints/auth/session/userkey.ts
index 2c34304a5e..fdb8c26d4e 100644
--- a/src/api/endpoints/auth/session/userkey.js
+++ b/src/api/endpoints/auth/session/userkey.ts
@@ -3,6 +3,7 @@
 /**
  * Module dependencies
  */
+import it from '../../../it';
 import App from '../../../models/app';
 import AuthSess from '../../../models/auth-session';
 import AccessToken from '../../../models/access-token';
@@ -53,10 +54,8 @@ import serialize from '../../../serializers/user';
 module.exports = (params) =>
 	new Promise(async (res, rej) => {
 		// Get 'app_secret' parameter
-		const appSecret = params.app_secret;
-		if (appSecret == null) {
-			return rej('app_secret is required');
-		}
+		const [appSecret, appSecretErr] = it(params.app_secret).expect.string().required().qed();
+		if (appSecretErr) return rej('invalid app_secret param');
 
 		// Lookup app
 		const app = await App.findOne({
@@ -68,10 +67,8 @@ module.exports = (params) =>
 		}
 
 		// Get 'token' parameter
-		const token = params.token;
-		if (token == null) {
-			return rej('token is required');
-		}
+		const [token, tokenErr] = it(params.token).expect.string().required().qed();
+		if (tokenErr) return rej('invalid token param');
 
 		// Fetch token
 		const session = await AuthSess
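Review bot: `token` is only validated at this point, after the `App.findOne` lookup from the previous hunk has already run, so a request with a malformed token still costs a database round trip before it is rejected. Moving `const [token, tokenErr] = it(params.token).expect.string().required().qed();` and `if (tokenErr) return rej('invalid token param');` directly under the `appSecretErr` check would keep all input validation ahead of any query. This changes which error a caller sees first when both parameters are bad, so check that no client relies on the current order. The handler continues outside this hunk.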