diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 4fb4c12..1d491d3 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -70,5 +70,6 @@ class Kernel extends HttpKernel 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, 'member.check' => \App\Http\Middleware\MemberCheck::class, + 'validate.token' => \App\Http\Middleware\ValidateAPIToken::class, ]; } diff --git a/app/Http/Middleware/ValidateAPIToken.php b/app/Http/Middleware/ValidateAPIToken.php new file mode 100644 index 0000000..92a328f --- /dev/null +++ b/app/Http/Middleware/ValidateAPIToken.php @@ -0,0 +1,29 @@ +header('fipamo-access-token'); + if ($token == session('token')) { + return $next($request); + } else { + $response = [ + 'message' => "API Auth Fail", + 'type' => 'postError', + ]; + return response()->json($response)->header('Content-Type', 'application/json'); + } + } +} diff --git a/public/assets/scripts/dash/app/controllers/PageEditor.js b/public/assets/scripts/dash/app/controllers/PageEditor.js index 52e26d3..2e039d6 100644 --- a/public/assets/scripts/dash/app/controllers/PageEditor.js +++ b/public/assets/scripts/dash/app/controllers/PageEditor.js @@ -155,10 +155,7 @@ export default class PostEditor { ) { notify.alert(r.message, false); } else { - if ( - r.type === DataEvent.PAGE_UPDATED || - r.type === DataEvent.API_TESTING - ) { + if (r.type === DataEvent.PAGE_UPDATED) { notify.alert(r.message, true); } else { notify.alert(r.message, true); diff --git a/routes/api.php b/routes/api.php index 64fe3ec..7760eaa 100644 --- a/routes/api.php +++ b/routes/api.php 
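Review bot: The check `if ($token == session('token'))` in ValidateAPIToken::handle passes when both sides are null, so a request without the `fipamo-access-token` header is let through whenever the session holds no token, and a loose `==` with a non-constant-time comparison is the wrong tool for a secret in any case. Require a non-empty string and compare with `hash_equals`, e.g. `if (is_string($token) && $token !== '' && hash_equals((string) session('token', ''), $token)) {`. The failure branch also answers with HTTP 200 and a JSON body; returning `response()->json($response, 401)` lets clients and proxies treat it as the auth failure it is. The head of the new file (PHP tag, namespace, `use` lines and the `handle` signature) is garbled in this view, so `strict_types` and the parameter/return types could not be checked.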
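Review bot: After the API_TESTING branch is dropped, `if (r.type === DataEvent.PAGE_UPDATED)` and its `else` in PageEditor.js both call `notify.alert(r.message, true)`, so the conditional no longer decides anything; collapse it to the single call `notify.alert(r.message, true);`. If the two branches were intended to differ (for instance the else reporting a non-success), that difference should be written out explicitly rather than left as identical duplicates. The enclosing method starts before this hunk.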
@@ -21,24 +21,32 @@ use App\Http\Controllers\API\MailAPIController; //check if session is active Route::get("/v1/status", [AuthAPIController::class, 'status']); + //handle page editing actions -Route::put("/v1/page/write", [PageAPIController::class, 'write']); -Route::post("/v1/page/create", [PageAPIController::class, 'create']); -Route::delete("/v1/page/delete", [PageAPIController::class, 'delete']); +Route::group(['prefix' => '/v1/page', 'middleware' => 'validate.token'], function () { + Route::put("/write", [PageAPIController::class, 'write']); + Route::post("/create", [PageAPIController::class, 'create']); + Route::delete("/delete", [PageAPIController::class, 'delete']); +}); -//handle file uploads -Route::post("/v1/files", [FileUploadAPIController::class, 'upload']); //settings -Route::put("/v1/settings/publish", [SettingsAPIController::class, 'publish']); -Route::put("/v1/settings/sync", [SettingsAPIController::class, 'sync']); -Route::put("/v1/settings/nav-sync", [SettingsAPIController::class, 'navSync']); -Route::put("/v1/backup/create", [SettingsAPIController::class, 'createBackup']); -Route::get("/v1/backup/content-download", [SettingsAPIController::class, 'downloadBackup']); -Route::get("/v1/backup/files-download", [SettingsAPIController::class, 'downloadBackup']); -//init -Route::post("/v1/init", [InitAPIController::class, 'setupFresh']); -Route::post("/v1/restore", [InitAPIController::class, 'setupRestore']); -Route::post("/v1/reset", [InitAPIController::class, 'setupReset']); +Route::group(['prefix' => '/v1/settings', 'middleware' => 'validate.token'], function () { + Route::put("/publish", [SettingsAPIController::class, 'publish']); + Route::put("/sync", [SettingsAPIController::class, 'sync']); + Route::put("/nav-sync", [SettingsAPIController::class, 'navSync']); +}); +//backups +Route::group(['prefix' => '/v1/backup', 'middleware' => 'validate.token'], function () { + Route::put("/create", [SettingsAPIController::class, 'createBackup']); + 
Route::get("/content-download", [SettingsAPIController::class, 'downloadBackup']); + Route::get("/files-download", [SettingsAPIController::class, 'downloadBackup']); +}); -//mail -Route::post("/v1/mailer", [MailAPIController::class, 'sendNotify']); +//other +Route::group(['prefix' => '/v1', 'middleware' => 'validate.token'], function () { + Route::post("/files", [FileUploadAPIController::class, 'upload']); + Route::post("/init", [InitAPIController::class, 'setupFresh']); + Route::post("/restore", [InitAPIController::class, 'setupRestore']); + Route::post("/reset", [InitAPIController::class, 'setupReset']); + Route::post("/mailer", [MailAPIController::class, 'sendNotify']); +});
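Review bot: Placing `/init`, `/restore` and `/reset` in the `validate.token` group under `/v1` ties first-time setup to a token that, per ValidateAPIToken, only exists in an already established session; if setupFresh is meant to run on a fresh install before any login, these routes will now always answer "API Auth Fail", which is worth confirming against the setup flow. The two `GET` downloads in the `/v1/backup` group now also require the custom header, which a plain browser link or `window.location` download cannot send; confirm the dashboard fetches them via XHR/fetch with the header attached, or move them behind a session-only check. A short comment above the `/v1` group, such as `// setup/restore/reset and mailer are gated on the session token; see ValidateAPIToken`, would make that dependency explicit for the next reader.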