diff --git a/.gitignore b/.gitignore
index 38571ca..a9448a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,5 +6,6 @@ __pycache__
 
 .env
 *.session
+*.session-journal
 
 venv
diff --git a/fastapi_file_server/app/depends.py b/fastapi_file_server/app/depends.py
new file mode 100644
index 0000000..b99768e
--- /dev/null
+++ b/fastapi_file_server/app/depends.py
@@ -0,0 +1,9 @@
+from fastapi import Security, HTTPException, status
+
+from core.auth import default_security
+from core.config import env_config
+
+
+async def check_token(api_key: str = Security(default_security)):
+    if api_key != env_config.API_KEY:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Wrong api key!")
diff --git a/fastapi_file_server/app/views.py b/fastapi_file_server/app/views.py
index 44d90db..fc43e8d 100644
--- a/fastapi_file_server/app/views.py
+++ b/fastapi_file_server/app/views.py
@@ -1,27 +1,30 @@
-from fastapi import File, UploadFile
+from fastapi import File, UploadFile, Depends
 from starlette import status
 from fastapi import APIRouter, HTTPException
 
+from app.models import UploadedFile as UploadedFileDB
 from app.serializers import UploadedFile
-from app import models
 from app.services.file_uploader import FileUploader
+from app.depends import check_token
 
 
 router = APIRouter(
     prefix="/api/v1",
+    dependencies=[Depends(check_token)],
+    tags=["files"]
 )
 
 
 @router.get("/files", response_model=list[UploadedFile])
 async def get_files():
-    return await models.UploadedFile.objects.all()
+    return await UploadedFileDB.objects.all()
 
 
 @router.get("/files/{file_id}", response_model=UploadedFile, responses={
     404: {},
 })
 async def get_file(file_id: int):
-    uploaded_file = await models.UploadedFile.objects.get_or_none(id=file_id)
+    uploaded_file = await UploadedFileDB.objects.get_or_none(id=file_id)
 
     if not uploaded_file:
         raise HTTPException(status.HTTP_404_NOT_FOUND)
@@ -38,7 +41,7 @@ async def upload_file(file: UploadFile = File({})):
     400: {}
 })
 async def delete_file(file_id: int):
-    uploaded_file = await models.UploadedFile.objects.get_or_none(id=file_id)
+    uploaded_file = await UploadedFileDB.objects.get_or_none(id=file_id)
 
     if not uploaded_file:
         raise HTTPException(status.HTTP_400_BAD_REQUEST)
diff --git a/fastapi_file_server/core/auth.py b/fastapi_file_server/core/auth.py
new file mode 100644
index 0000000..18ea52d
--- /dev/null
+++ b/fastapi_file_server/core/auth.py
@@ -0,0 +1,5 @@
+from fastapi.security import APIKeyHeader
+from fastapi.security.utils import get_authorization_scheme_param
+
+
+default_security = APIKeyHeader(name="Authorization")