diff --git a/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java b/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java
index c85dcf1..3fa7a78 100644
--- a/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java
+++ b/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java
@@ -5,6 +5,7 @@ import com.sun.net.httpserver.HttpHandler;
 import de.gnmyt.mcdash.MCDashWrapper;
 import de.gnmyt.mcdash.api.Logger;
 import de.gnmyt.mcdash.api.ServerManager;
+import de.gnmyt.mcdash.api.UserManager;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.RequestBody;
@@ -16,25 +17,53 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import java.util.List;
 
 public class ProxyHandler implements HttpHandler {
 
     private final static Logger LOG = new Logger(ProxyHandler.class);
     private final OkHttpClient client = new OkHttpClient();
     private final ServerManager serverManager = MCDashWrapper.getServerManager();
+    private final UserManager userManager = MCDashWrapper.getUserManager();
 
     @Override
     public void handle(HttpExchange exchange) throws IOException {
         String uuid = exchange.getRequestURI().getPath().split("/")[2];
-
-        if (serverManager.getServer(uuid) == null) {
-            exchange.sendResponseHeaders(404, 0);
-            exchange.close();
-            return;
-        }
-
         String pathWithoutUuid = exchange.getRequestURI().getPath().replace("/proxy/" + uuid, "")
-                        + (exchange.getRequestURI().getQuery() != null ? "?" + exchange.getRequestURI().getQuery() : "");
+                + (exchange.getRequestURI().getQuery() != null ? "?" + exchange.getRequestURI().getQuery() : "");
+
+        if (pathWithoutUuid.startsWith("/api")) {
+            List<String> authHeader = exchange.getRequestHeaders().get("Authorization");
+            if (authHeader == null) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            String[] authCredentials;
+            try {
+                authCredentials = new String(Base64.getDecoder().decode(authHeader.get(0)
+                        .replace("Basic ", ""))).split(":");
+            } catch (Exception e) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (authCredentials.length != 2) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (!userManager.isPasswordCorrect(authCredentials[0], authCredentials[1])) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (serverManager.getServer(uuid) == null) {
+                exchange.sendResponseHeaders(404, 0);
+                exchange.close();
+                return;
+            }
+        }
 
         RequestBody requestBody = exchange.getRequestMethod().equals("GET") ? null : RequestBody.create(IOUtils.toByteArray(exchange.getRequestBody()), null);