diff --git a/src/Dependencies.py b/src/Dependencies.py
index a96609fdd226599409a5e34ca5da323b5673f20c..022aee1a6eef18fbf7c68b56ba6c93bfb891e395 100644
--- a/src/Dependencies.py
+++ b/src/Dependencies.py
@@ -1,3 +1,7 @@
+from fastapi import Security, HTTPException
+from fastapi.security import APIKeyHeader
+from starlette.status import HTTP_403_FORBIDDEN
+
 from logic.databaseNew.Database import SessionLocal
 
 
@@ -7,3 +11,12 @@ def get_database():
         yield db
     finally:
         db.close()
+
+
+API_KEY_HEADER = APIKeyHeader(name='apiKey')
+
+
+async def check_api_key(apiKey: str = Security(API_KEY_HEADER)):
+    from main import API_KEY
+    if apiKey != API_KEY:
+        raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail='apiKey invalid')
diff --git a/src/main.py b/src/main.py
index a6ca603c83ce7d9571106013bc1ef1c91c54f932..90aa9e768d8758de158395d1db95ff002eda651e 100644
--- a/src/main.py
+++ b/src/main.py
@@ -14,13 +14,15 @@ Models.Base.metadata.create_all(bind=engine)
 with open('version.json', 'r', encoding='UTF-8') as f:
     version = json.load(f)['version']
 
+with open('../settings.json', 'r', encoding='UTF-8') as f:
+    settings = json.load(f)
+
+API_KEY = settings['api']['key']
+
 app = FastAPI(title=Constants.APP_NAME,
               version=version['name'],
               description='The StorageLeaf API')
 app.include_router(DeviceRouter.router)
 
-with open('../settings.json', 'r', encoding='UTF-8') as f:
-    settings = json.load(f)
-
 if __name__ == '__main__':
     uvicorn.run(app, host=settings['server']['listen'], port=settings['server']['port'])
diff --git a/src/routers/DeviceRouter.py b/src/routers/DeviceRouter.py
index 4b509e9479d2b36a211a12ea83e2d277a18701dd..9471e500aa236baab00c50d6eab512cff0f1e783 100644
--- a/src/routers/DeviceRouter.py
+++ b/src/routers/DeviceRouter.py
@@ -3,7 +3,7 @@ from typing import List
 from fastapi import APIRouter, HTTPException, Depends
 from sqlalchemy.orm import Session
 
-from Dependencies import get_database
+from Dependencies import get_database, check_api_key
 from logic.databaseNew import Schemas, Crud
 from logic.databaseNew.Schemas import Status
 
@@ -32,8 +32,9 @@ async def read_device(deviceId: int, db: Session = Depends(get_database)):
 
 @router.post('/', response_model=Schemas.Device,
              summary='Adds a new device',
-             responses={400: {'description': 'Device with this name already exists'}})
-async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
+             responses={400: {'description': 'Device with this name already exists'}},
+             dependencies=[Depends(check_api_key)])
+async def create_device(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
     createdDevice = Crud.get_device_by_name(db, device.name)
     if createdDevice:
         raise HTTPException(status_code=400, detail='Device with this name already exists')
@@ -42,8 +43,9 @@ async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_da
 
 @router.delete('/{deviceId}', response_model=Status,
                summary='Gets a specific device',
-               responses={404: {'description': 'Device not found'}})
-async def read_device(deviceId: int, db: Session = Depends(get_database)):
+               responses={404: {'description': 'Device not found'}},
+               dependencies=[Depends(check_api_key)])
+async def delete_device(deviceId: int, db: Session = Depends(get_database)):
     device = Crud.get_device(db, deviceId=deviceId)
     if device is None:
         raise HTTPException(status_code=404, detail='Device not found')