diff --git a/api/api.go b/api/api.go
index a06d63b..76b8417 100644
--- a/api/api.go
+++ b/api/api.go
@@ -3,6 +3,7 @@ package api
 import (
 	"encoding/json"
 	"github.com/gorilla/mux"
+	"gitlab.hpi.de/codeocean/codemoon/poseidon/api/auth"
 	"gitlab.hpi.de/codeocean/codemoon/poseidon/api/dto"
 	"gitlab.hpi.de/codeocean/codemoon/poseidon/logging"
 	"net/http"
@@ -27,6 +28,9 @@ func NewRouter() http.Handler {
 	// `router.Host(...)` and to HTTPS with `router.Schemes("https")`
 	router = newRouterV1(router)
 	router.Use(logging.HTTPLoggingMiddleware)
+	if auth.InitializeAuthentication() {
+		router.Use(auth.HTTPAuthenticationMiddleware)
+	}
 	return router
 }
 
diff --git a/config/config.go b/config/config.go
index 1237e24..2c4559f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -16,8 +16,9 @@ import (
 var (
 	Config = &configuration{
 		Server: server{
-			Address:  "127.0.0.1",
+			Address: "127.0.0.1",
 			Port:     3000,
+			Token:    "",
 			TLS:      false,
 			CertFile: "",
 			KeyFile:  "",
@@ -43,6 +44,7 @@ var (
 type server struct {
 	Address  string
 	Port     int
+	Token    string
 	TLS      bool
 	CertFile string
 	KeyFile  string
diff --git a/configuration.yaml.example b/configuration.yaml.example
index 0b21cd4..1a01b9e 100644
--- a/configuration.yaml.example
+++ b/configuration.yaml.example
@@ -1,6 +1,8 @@
 server:
   address: 127.0.0.1
   port: 3000
+  # If set, this token is required in the X-Poseidon-Token header for each route except /health
+  token: SECRET
   tls: false
   certfile: ./poseidon.crt
   keyfile: ./poseidon.key