diff --git a/.env.example b/.env.example
index 8da06f01..c66fee50 100644
--- a/.env.example
+++ b/.env.example
@@ -73,3 +73,7 @@ AUTOMATICALLY_REPORT_PROBLEMS=False
 ## read through what it enables.
 ## you could put your server at risk.
 DEVELOPER_MODE=False
+
+# secrets settings
+TRUSTED_SECRET = ""
+LOCAL_ONLY = True
diff --git a/app/api/v2/common/secrets.py b/app/api/v2/common/secrets.py
new file mode 100644
index 00000000..4e7fa167
--- /dev/null
+++ b/app/api/v2/common/secrets.py
@@ -0,0 +1,9 @@
+from fastapi import HTTPException, Request
+
+from app import settings
+
+def validate_secret(request: Request, secret: str | None):
+ if secret != settings.TRUSTED_SECRET:
+ raise HTTPException(status_code=403, detail="Invaild secret.")
+ if settings.LOCAL_ONLY and request.client.host not in ("127.0.0.1", "localhost"):
+ raise HTTPException(status_code=403, detail="Invaild request.")
\ No newline at end of file
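Review bot: The two new keys are written as `TRUSTED_SECRET = ""` and `LOCAL_ONLY = True`, with spaces around `=`, while the neighbouring entry `DEVELOPER_MODE=False` uses none. Env-file consumers stricter than a dotenv parser (a shell `source`, Docker's `--env-file`) reject or misread that form, so `TRUSTED_SECRET=` and `LOCAL_ONLY=True` would be safer and consistent with the rest of the file. The `# secrets settings` comment gives an operator nothing to act on; I would replace it with `## shared secret checked by validate_secret(); set a long random value` and `## LOCAL_ONLY=True additionally restricts callers to loopback addresses`.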
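Review bot: With the example default `TRUSTED_SECRET = ""`, and assuming settings loads that value unchanged, `validate_secret` accepts an empty `secret`, so an unconfigured install is protected only by the `LOCAL_ONLY` check. The function should fail closed when no secret is configured and compare with `hmac.compare_digest` (needs `import hmac` at the top of the new file) rather than `!=`, which is not constant-time. The loopback test dereferences `request.client.host` without handling `request.client` being `None`, and it omits the IPv6 loopback `::1`. If the app is served behind a reverse proxy on the same host (not visible in this diff), the peer address is the proxy's own loopback address and `LOCAL_ONLY` would pass for every remote caller, so that setup needs the restriction enforced at the proxy. The `detail` strings misspell "Invalid", and the function has no docstring stating that it raises 403 on either failure.

```python
def validate_secret(request: Request, secret: str | None):
    expected = settings.TRUSTED_SECRET
    # Fail closed: an unset secret must never match an empty or missing one.
    if not expected or secret is None or not hmac.compare_digest(
        secret.encode(), expected.encode()
    ):
        raise HTTPException(status_code=403, detail="Invalid secret.")
    if settings.LOCAL_ONLY:
        # request.client can be None when the server cannot determine the peer.
        peer = request.client.host if request.client else None
        if peer not in ("127.0.0.1", "::1", "localhost"):
            raise HTTPException(status_code=403, detail="Invalid request.")
```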