diff --git a/config.json b/config.json
index 4a4317d..3632b48 100644
--- a/config.json
+++ b/config.json
@@ -2,7 +2,10 @@
   "app": {
     "name": "trackmyd-api",
     "auth": {
-      "secret": "mysecret"
+      "users": {
+        "client1": "client1",
+        "client2": "client2"
+      }
     },
     "port": 3500
   },
diff --git a/package-lock.json b/package-lock.json
index 83b2443..f3450dd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -111,6 +111,14 @@
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
       "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
     },
+    "basic-auth": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
+      "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
+      "requires": {
+        "safe-buffer": "5.1.2"
+      }
+    },
     "bluebird": {
       "version": "3.5.1",
       "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz",
@@ -687,6 +695,14 @@
         }
       }
     },
+    "express-basic-auth": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/express-basic-auth/-/express-basic-auth-1.1.6.tgz",
+      "integrity": "sha512-fRh/UU2q/YhvY0/Pkzi3VcLyjIExveW2NOOnOGgO6yO0jKXt6zcKPVPWSrL8nlhlh+YEH5LOjz+CGFML5dJQNw==",
+      "requires": {
+        "basic-auth": "^2.0.1"
+      }
+    },
     "external-editor": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-3.0.3.tgz",
diff --git a/package.json b/package.json
index c88ea1d..e65293a 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
     "body-parser": "^1.18.3",
     "bunyan": "^1.8.12",
     "express": "^4.16.4",
+    "express-basic-auth": "^1.1.6",
     "mongoose": "^5.4.13"
   }
 }
diff --git a/server.js b/server.js
index bf05a3e..85fb860 100644
--- a/server.js
+++ b/server.js
@@ -1,10 +1,12 @@
 const express = require('express');
 const mongoose = require('mongoose');
 const bodyParser = require('body-parser');
+const basicAuth = require('express-basic-auth');
 const config = require('./config');
 const logger = require('./logger');
 const apiRoutes = require('./apiRoutes');
 
+
 const { db } = config;
 const app = express();
 const port = process.env.PORT || config.app.port;
@@ -16,6 +18,7 @@ mongoose.set('useFindAndModify', false);
 
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json());
+app.use(basicAuth({ users: config.app.auth.users }));
 
 app.use('/api', apiRoutes);