# Available rorRequest API You can access the rorRequest API via `req.rorRequest` in your custom middleware. The available options are: | Property name | Return value type | Example return value | Description | | --------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | -------------------------------------------------------------------------- | | getCookies() | Record\ | `{ 'session': 'abc123' }` | Get all cookies from the request | | getMethod() | Method | `'GET'` | Get the HTTP method of the request | | getPath() | string | `'/api/v1/users'` | Get the path of the request | | getUrl() | string | `'/api/v1/users?foo=bar'` | Get the full URL including query string | | getBody() | Body | `{ username: 'john' }` | Get the request body | | getParams() | ParamsDictionary | `{ id: '123' }` | Get route parameters | | getQueries() | ParsedQs | `{ page: '1' }` | Get query string parameters | | setQuery(key: string, value: string) | void | - | Set a query parameter on the request | | getOriginAddress() | string or undefined | `'192.168.1.1'` | Get the origin IP address of the request | | getHeaders() | Record\ | `{ host: 'localhost', authorization: 'Basic ...' }` | Get all request headers | | isCookiePresent(cookieName: string) | boolean | `true` | Check if a specific cookie is present in the request | | getIdentitySessionHeaders() | Promise\> | `Map(2) {'authorization' => 'Basic BWRtaW46ZGV2', 'cookie' => 'cookie value'}` | Get the headers used during authorization | | getWhitelistedHeaders() | Promise\> | `Map(1) {'x-custom-header' => 'value'}` | Get whitelisted headers from the session | | getSid() | Promise\ | `'a5442490-45ee-4a60-a9a1-e62989db3ab1'` | Get the session ID from the request | | isAuthenticated(input?: { sid?: SID }) | Promise\ | `true` | Check if the session is authenticated | | getUserRequestIdentity(input?: { sid?: SID; predefinedTenancyId?: string }) | Promise<[UserRequestIdentity](https://github.com/beshu-tech/readonlyrest-docs/blob/develop/examples/custom-middleware/user-request-identity.md) or null> | Check User request identity section | Get the user request identity (returns `null` if not authenticated) | | ensuredIdentityAvailability() | Promise<{ ok: true } or { ok: false; reason: string }> | `{ ok: true }` | Check if identity is available without throwing; returns reason on failure | | enrichIdentitySessionMetadata(customMetadata: Record\) | void | - | Enrich existing user session with additional custom metadata | | lastSessionActivityDate() | Promise\ | `2023-03-23T19:50:37.932Z` | Date of the last session activity; used in the context of session timeout | | extractHiddenAppsNames() | Promise\ | `[ 'Enterprise Search, Overview', 'Observability' ]` | List of all hidden apps for the current user | | getTenancyId(sid: SID or undefined) | Promise\ | `'my-tenant'` | Get the tenancy ID associated with the given session ID | You also have access to the standard [Express.js](https://expressjs.com) [request](https://expressjs.com/en/api.html#req) and [response](https://expressjs.com/en/api.html#res) objects