diff --git a/go.mod b/go.mod
index 8d9b40e..387c15d 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.12
 require (
 	github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8
 	github.com/golang/protobuf v1.3.2
+	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0
 	github.com/lightningnetwork/lnd v0.7.0-beta
 	golang.org/x/net v0.0.0-20190628185345-da137c7871d7
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
diff --git a/sample.env b/sample.env
index 61c2e90..a992a39 100644
--- a/sample.env
+++ b/sample.env
@@ -6,4 +6,6 @@ LND_MACAROON_HEX=<hex encoded macaroon>
 
 NODE_NAME=<NODE_NAME>
 NODE_PUBKEY=<PUBKEY>
-NODE_HOST=<HOSTNAME:PORT>
\ No newline at end of file
+NODE_HOST=<HOSTNAME:PORT>
+
+TOKEN=<TOKEN>
\ No newline at end of file
diff --git a/server.go b/server.go
index c2b6a64..175d4e9 100644
--- a/server.go
+++ b/server.go
@@ -12,11 +12,14 @@ import (
 	lspdrpc "github.com/breez/lspd/rpc"
 
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
+	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"golang.org/x/sync/singleflight"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
 )
 
 const (
@@ -141,7 +144,18 @@ func main() {
 	defer conn.Close()
 	client = lnrpc.NewLightningClient(conn)
 
-	s := grpc.NewServer()
+	s := grpc.NewServer(
+		grpc_middleware.WithUnaryServerChain(func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+			if md, ok := metadata.FromIncomingContext(ctx); ok {
+				for _, auth := range md.Get("authorization") {
+					if auth == "Bearer "+os.Getenv("TOKEN") {
+						return handler(ctx, req)
+					}
+				}
+			}
+			return nil, status.Errorf(codes.PermissionDenied, "Not authorized")
+		}),
+	)
 	lspdrpc.RegisterChannelOpenerServer(s, &server{})
 	if err := s.Serve(lis); err != nil {
 		log.Fatalf("failed to serve: %v", err)