diff --git a/tests/test_rest.py b/tests/test_rest.py
index 948ab08..496112a 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -110,31 +110,38 @@ def test_head_no_messages_posted_since(self):
 #######POST
 def test_post_empty_message(self):
 response = self.app.post('/abcdefghijklmnopqrstuvwxyzabcdefghijklmnopo', data=b'',
- headers={'Content-Type': 'application/octet-stream'})
+ headers={'Content-Type': 'application/octet-stream', 'Authorization': 'Client Qabel'})
 assert response.status_code == status.HTTP_400_BAD_REQUEST
 assert response.data == b''
 def test_post_no_message(self):
 response = self.app.post('/abcdefghijklmnopqrstuvwxyzabcdefghijklmnopo',
- headers={'Content-Type': 'application/octet-stream'})
+ headers={'Content-Type': 'application/octet-stream', 'Authorization': 'Client Qabel'})
 assert response.status_code == status.HTTP_400_BAD_REQUEST
 assert response.data == b''
 def test_post_to_invalid_drop_id(self):
- response = self.app.post('/fail', data=b'Yay', headers={'Content-Type': 'application/octet-stream'})
+ response = self.app.post('/fail', data=b'Yay',
+ headers={'Content-Type': 'application/octet-stream', 'Authorization': 'Client Qabel'})
 assert response.status_code == status.HTTP_400_BAD_REQUEST
 assert response.data == b''
 def test_post_message_is_too_long(self):
 response = self.app.post('/abcdefghijklmnopqrstuvwxyzabcdefghijklmnopo', data=2574 * b'x',
- headers={'Content-Type': 'application/octet-stream'})
+ headers={'Content-Type': 'application/octet-stream', 'Authorization': 'Client Qabel'})
 assert response.status_code == status.HTTP_413_REQUEST_ENTITY_TOO_LARGE
 assert response.data == b''
 def test_post_message(self):
 response = self.app.post('/abcdefghijklmnopqrstuvwxyzabcdefghijklmpost', data=b'Yay',
- headers={'Content-Type': 'application/octet-stream'})
+ headers={'Content-Type': 'application/octet-stream', 'Authorization': 'Client Qabel'})
 assert response.status_code == status.HTTP_200_OK
 assert response.data == b''
 response = self.app.get('/abcdefghijklmnopqrstuvwxyzabcdefghijklmpost')
 assert 'Yay' in response.data.decode()
+
+ def test_post_message_without_headers(self):
+ response = self.app.post('/abcdefghijklmnopqrstuvwxyzabcdefghijklmpost', data=b'Yay',
+ headers={'Content-Type': 'application/octet-stream'})
+ assert response.status_code == status.HTTP_400_BAD_REQUEST
+ assert response.data == b''
diff --git a/views.py b/views.py
index a64db62..aa30ef6 100755
--- a/views.py
+++ b/views.py
@@ -40,6 +40,9 @@ def post_message(drop_id):
 return '', status.HTTP_400_BAD_REQUEST
 message = request.data
+ authorization_header = request.headers.get('Authorization')
+ if authorization_header != 'Client Qabel':
+ return '', status.HTTP_400_BAD_REQUEST
 if message == b'' or message is None:
 return '', status.HTTP_400_BAD_REQUEST
 if len(message) > MESSAGE_SIZE_LIMIT:
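Review bot: `test_post_message_without_headers`, added at the end of this hunk, still sends `Content-Type`, so the name overstates what is omitted; `test_post_message_without_authorization` would describe it. Only the missing-header case is exercised, so a request with a different value (constructed example: `'Authorization': 'Client Other'`) needs its own test asserting the same `HTTP_400_BAD_REQUEST`. The new test also never checks that the rejected body was not stored. It reuses the drop id that `test_post_message` posts `b'Yay'` to, so a follow-up GET would only prove anything with a separate drop id.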
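Review bot: The comparison added after `message = request.data` checks `Authorization` against the fixed literal `'Client Qabel'`, which is in the source and sent by every client, so it marks the client type and gives no access control over who may post to a drop. A comment above the check would stop it being read as authentication later, for example `# 'Client Qabel' is a fixed protocol marker, not a credential: it does not restrict who can post.` Naming the value once at module level (`REQUIRED_AUTHORIZATION = 'Client Qabel'`) would also keep it from being repeated as a bare string. The rejection returns `HTTP_400_BAD_REQUEST`, where `401` with a `WWW-Authenticate` header is the usual answer for a missing `Authorization`. If the drop protocol mandates 400, the comment should say so. The body of `post_message` starts and ends outside this hunk, so the earlier drop-id validation is not visible here.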