diff --git a/src/server.js b/src/server.js
index b03c5a1..5343532 100644
--- a/src/server.js
+++ b/src/server.js
@@ -257,7 +257,7 @@ fastify.post('/api/register', async (req, res) => {
 //Anything in here has some kind of auth
 fastify.after(() => {
     //Get url api route
-    fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, res) => {
+    fastify.get('/api/:shortcode/visits', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
         const shortcode = req.params.shortcode;
 
         //This should never happen but better safe than 500
@@ -281,7 +281,7 @@ fastify.after(() => {
     });
 
     //Get url api route
-    fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, res) => {
+    fastify.delete('/api/:shortcode', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
         const shortcode = req.params.shortcode;
 
         //This should never happen but better safe than 500
@@ -298,7 +298,7 @@ fastify.after(() => {
     });
 
     //Get all urls api route
-    fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth]) }, async (req, res) => {
+    fastify.get('/api', { onRequest: fastify.auth([fastify.basicAuth, fastify.verifyJWT]) }, async (req, res) => {
         urls = await knex.select('target', 'shortcode')
             .from('urls');