diff --git a/Cargo.lock b/Cargo.lock
index 77a6357..c2eb6a7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -208,6 +208,21 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "actix-web-httpauth"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "456348ed9dcd72a13a1f4a660449fafdecee9ac8205552e286809eb5b0b29bd3"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "base64",
+ "futures-core",
+ "futures-util",
+ "log",
+ "pin-project-lite",
+]
+
 [[package]]
 name = "adler2"
 version = "2.0.1"
@@ -498,7 +513,10 @@ version = "0.1.0"
 dependencies = [
  "actix-files",
  "actix-web",
+ "actix-web-httpauth",
  "chrono",
+ "dotenv",
+ "futures-util",
  "quartz",
  "reqwest",
  "scp_core",
@@ -575,6 +593,12 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "dotenv"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
+
 [[package]]
 name = "dotenvy"
 version = "0.15.7"
@@ -750,6 +774,17 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
 
+[[package]]
+name = "futures-macro"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "futures-sink"
 version = "0.3.31"
@@ -770,6 +805,7 @@ checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
  "futures-core",
  "futures-io",
+ "futures-macro",
  "futures-sink",
  "futures-task",
  "memchr",
diff --git a/Cargo.toml b/Cargo.toml
index d38406f..6aa4ce8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,10 @@ edition = "2024"
 [dependencies]
 actix-files = "0.6.9"
 actix-web = "4.12.1"
+actix-web-httpauth = "0.8.2"
 chrono = "0.4.42"
+dotenv = "0.15.0"
+futures-util = "0.3.31"
 quartz = "0.0.4"
 reqwest = "0.12.28"
 scp_core = { path = "./scp_core" }
diff --git a/frontend/src/components/app-sidebar.tsx b/frontend/src/components/app-sidebar.tsx
index 0ced26e..e61dc03 100644
--- a/frontend/src/components/app-sidebar.tsx
+++ b/frontend/src/components/app-sidebar.tsx
@@ -4,7 +4,6 @@ import {
   IconDashboard,
   IconFileAi,
   IconFileDescription,
-  IconInnerShadowTop,
   IconServer,
 } from "@tabler/icons-react";
 
diff --git a/frontend/src/components/nav-main.tsx b/frontend/src/components/nav-main.tsx
index 24a1e1b..7677842 100644
--- a/frontend/src/components/nav-main.tsx
+++ b/frontend/src/components/nav-main.tsx
@@ -1,6 +1,5 @@
-import { IconCirclePlusFilled, IconMail, type Icon } from "@tabler/icons-react";
+import { type Icon } from "@tabler/icons-react";
 
-import { Button } from "@/components/ui/button";
 import {
   SidebarGroup,
   SidebarGroupContent,
diff --git a/frontend/src/routes/server_list.tsx b/frontend/src/routes/server_list.tsx
index f0c524e..c33337d 100644
--- a/frontend/src/routes/server_list.tsx
+++ b/frontend/src/routes/server_list.tsx
@@ -2,7 +2,6 @@ import { Card } from "@/components/ui/card";
 import {
   Table,
   TableBody,
-  TableCaption,
   TableCell,
   TableFooter,
   TableHead,
diff --git a/src/helper.rs b/src/helper.rs
index ff47afb..dfc8d07 100644
--- a/src/helper.rs
+++ b/src/helper.rs
@@ -21,7 +21,6 @@ pub async fn get_access_token() -> Result<String, Box<dyn Error>> {
         .fetch_one(&pool)
         .await?;
 
-    dbg!(&tok);
     Ok(tok.token)
 }
 
diff --git a/src/main.rs b/src/main.rs
index ed5e032..64b3462 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,6 +2,7 @@ use std::env;
 
 use actix_files::Files;
 use actix_web::{App, HttpResponse, HttpServer, Responder, get, web};
+use actix_web_httpauth::middleware::HttpAuthentication;
 use scp_core::apis::configuration::Configuration;
 use scp_core::apis::default_api;
 
@@ -11,6 +12,7 @@ mod helper;
 mod jobs;
 mod models;
 mod servers;
+mod validator;
 
 #[get("/api/hello")]
 async fn hello() -> impl Responder {
@@ -31,6 +33,7 @@ async fn ping_netcup() -> impl Responder {
 
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
+    dotenv::dotenv().ok();
     let port = env::var("PORT")
         .unwrap_or_else(|_| "8080".to_string())
         .parse::<u16>()
@@ -43,6 +46,7 @@ async fn main() -> std::io::Result<()> {
 
     let res = HttpServer::new(|| {
         App::new()
+            .wrap(HttpAuthentication::basic(validator::basic_validator))
             .service(hello)
             .service(ping_netcup)
             .service(auth::is_scp_logged_in)
diff --git a/src/validator.rs b/src/validator.rs
new file mode 100644
index 0000000..570cc81
--- /dev/null
+++ b/src/validator.rs
@@ -0,0 +1,29 @@
+use std::env;
+
+use actix_web::{Error, dev::ServiceRequest};
+use actix_web_httpauth::extractors::{
+    AuthenticationError,
+    basic::{BasicAuth, Config},
+};
+use futures_util::future::{Ready, ready};
+
+pub fn basic_validator(
+    req: ServiceRequest,
+    creds: BasicAuth,
+) -> Ready<Result<ServiceRequest, (Error, ServiceRequest)>> {
+    let username = env::var("BASIC_USERNAME").expect("BASIC_USERNAME not set");
+    let password = env::var("BASIC_PASSWORD").expect("BASIC_PASSWORD not set");
+
+    let user_ok = creds.user_id() == username;
+    let pass_ok = creds.password().map(|p| p == password).unwrap_or(false);
+
+    if user_ok && pass_ok {
+        ready(Ok(req))
+    } else {
+        let mut config = Config::default();
+        config = config.realm("Restricted");
+
+        let err = AuthenticationError::from(config);
+        ready(Err((err.into(), req)))
+    }
+}