diff --git a/.env b/.env
index 01ee88b4cf2..1265eede2f1 100644
--- a/.env
+++ b/.env
@@ -120,6 +120,7 @@ PUBLIC_APP_DATA_SHARING=#set to 1 to enable options & text regarding data sharin
 PUBLIC_APP_DISCLAIMER=#set to 1 to show a disclaimer on login page
 LLM_SUMMERIZATION=true
 
+EXPOSE_API=true
 # PUBLIC_APP_NAME=HuggingChat
 # PUBLIC_APP_ASSETS=huggingchat
 # PUBLIC_APP_COLOR=yellow
diff --git a/.env.template b/.env.template
index b89ba07f7ac..d67429f955d 100644
--- a/.env.template
+++ b/.env.template
@@ -225,3 +225,5 @@ PUBLIC_GOOGLE_ANALYTICS_ID=G-8Q63TH4CSL
 # Not part of the .env but set as other variables in the space
 # ADDRESS_HEADER=X-Forwarded-For
 # XFF_DEPTH=2
+
+EXPOSE_API=false
\ No newline at end of file
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index dccd51d6422..ef1202b23eb 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,4 +1,4 @@
-import { COOKIE_NAME, MESSAGES_BEFORE_LOGIN } from "$env/static/private";
+import { COOKIE_NAME, EXPOSE_API, MESSAGES_BEFORE_LOGIN } from "$env/static/private";
 import type { Handle } from "@sveltejs/kit";
 import {
 	PUBLIC_GOOGLE_ANALYTICS_ID,
@@ -13,6 +13,10 @@ import { sha256 } from "$lib/utils/sha256";
 import { addWeeks } from "date-fns";
 
 export const handle: Handle = async ({ event, resolve }) => {
+	if (event.url.pathname.startsWith(`${base}/api/`) && EXPOSE_API !== "true") {
+		return new Response("API is disabled", { status: 403 });
+	}
+
 	function errorResponse(status: number, message: string) {
 		const sendJson =
 			event.request.headers.get("accept")?.includes("application/json") ||
diff --git a/src/routes/api/conversations/+server.ts b/src/routes/api/conversations/+server.ts
new file mode 100644
index 00000000000..1cc5d1d0b9e
--- /dev/null
+++ b/src/routes/api/conversations/+server.ts
@@ -0,0 +1,16 @@
+import { collections } from "$lib/server/database";
+import { authCondition } from "$lib/server/auth";
+
+export async function GET({ locals }) {
+	if (locals.user?._id || locals.sessionId) {
+		const res = await collections.conversations
+			.find({
+				...authCondition(locals),
+			})
+			.toArray();
+
+		return Response.json(res);
+	} else {
+		return Response.json({ message: "Must have session cookie" }, { status: 401 });
+	}
+}
diff --git a/src/routes/api/models/+server.ts b/src/routes/api/models/+server.ts
new file mode 100644
index 00000000000..6b0518856ed
--- /dev/null
+++ b/src/routes/api/models/+server.ts
@@ -0,0 +1,19 @@
+import { models } from "$lib/server/models";
+
+export async function GET() {
+	const res = models.map((model) => ({
+		id: model.id,
+		name: model.name,
+		websiteUrl: model.websiteUrl,
+		modelUrl: model.modelUrl,
+		datasetName: model.datasetName,
+		datasetUrl: model.datasetUrl,
+		displayName: model.displayName,
+		description: model.description,
+		promptExamples: model.promptExamples,
+		preprompt: model.preprompt,
+		multimodal: model.multimodal,
+		unlisted: model.unlisted,
+	}));
+	return Response.json(res);
+}