diff --git a/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java b/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java
index d363c146a..f5068daf7 100644
--- a/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java
+++ b/src/main/java/org/mskcc/cbio/oncokb/web/rest/CompanyResource.java
@@ -2,6 +2,7 @@
 
 import org.mskcc.cbio.oncokb.domain.Company;
 import org.mskcc.cbio.oncokb.repository.CompanyRepository;
+import org.mskcc.cbio.oncokb.security.AuthoritiesConstants;
 import org.mskcc.cbio.oncokb.service.CompanyService;
 import org.mskcc.cbio.oncokb.service.UserService;
 import org.mskcc.cbio.oncokb.web.rest.errors.BadRequestAlertException;
@@ -23,6 +24,7 @@
 import java.net.URISyntaxException;
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 
 /**
  * REST controller for managing {@link org.mskcc.cbio.oncokb.domain.Company}.
@@ -102,6 +104,16 @@ public ResponseEntity<CompanyDTO> updateCompany(@Valid @RequestBody CompanyVM co
         }
 
         CompanyDTO result = companyService.updateCompany(companyVM);
+        List<UserDTO> usersInCompany = userService.getCompanyUsers(result.getId());
+        for (UserDTO user : usersInCompany) {
+            Set<String> userAuthorities = user.getAuthorities();
+            if (!userAuthorities.contains(AuthoritiesConstants.API)) {
+                userAuthorities.add(AuthoritiesConstants.API);
+                userService.updateUser(user);
+            }
+        }
+
+
         return ResponseEntity.ok()
             .body(result);
     }