diff --git a/cmd/api/main.go b/cmd/api/main.go
index e228904..2b39985 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -39,6 +39,9 @@ func main() {
 flag.StringVar(&cfg.ENV, "env", os.Getenv("ENV_STAGE"), "Environment (development|Staging|production")
 flag.StringVar(&cfg.DB.DSN, "db-dsn", os.Getenv("SW_DB_DSN"), "PostgreSQL DSN")
+ flag.StringVar(&cfg.BasicAuth.USERNAME, "basicauth-username", os.Getenv("BASICAUTH_USERNAME"), "basicauth-username")
+ flag.StringVar(&cfg.BasicAuth.PASSWORD, "basicauth-password", os.Getenv("BASICAUTH_PASSWORD"), "basicauth-password")
+
 flag.StringVar(&cfg.NextSmS.Username, "nextsms-username", os.Getenv("NEXTSMS_USERNAME"), "nextsms-username")
 flag.StringVar(&cfg.NextSmS.Password, "nextsms-password", os.Getenv("NEXTSMS_PASSWORD"), "nextsms-password")
diff --git a/cmd/api/routes.go b/cmd/api/routes.go
index b4f777f..2bb1693 100644
--- a/cmd/api/routes.go
+++ b/cmd/api/routes.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "crypto/subtle"
 "net/http"
 "github.com/labstack/echo/v4"
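Review bot: In cmd/api/main.go both new flags default to `os.Getenv(...)`, so when `BASICAUTH_USERNAME` and `BASICAUTH_PASSWORD` are unset the configured credentials are empty strings, and the validator added in cmd/api/routes.go compares against them as-is; `subtle.ConstantTimeCompare` of two empty slices returns 1, so a request carrying an empty username and password would be accepted on the `/bot` group. A check after flag parsing (which is outside this hunk) would fail closed, for example `if cfg.BasicAuth.USERNAME == "" || cfg.BasicAuth.PASSWORD == "" { log.Fatal("basic auth credentials are not configured") }`, using whatever logger the file already has. A password given as `-basicauth-password` is also visible in the process argument list, so the environment variable is the safer channel, and the usage strings could say that instead of repeating the flag name. main() starts and ends outside the hunk.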
@@ -25,11 +26,21 @@ func (app *application) routes() *echo.Echo {
 e.POST("/login", app.createAuthTokenHandler)
 e.GET("/lichess/leaderboard", app.leaderboardHandler)
- e.GET("/lichess/members", app.getLichessTeamMemberHandler)
- e.POST("/lichess/members", app.insertLichessTeamMemberHandler)
- e.POST("/telegram/bot/users", app.insertTgUserHandler)
- e.PUT("/telegram/bot/users", app.updateTgUserHandler)
- e.GET("/telegram/bot/users/active", app.getActiveTgUserHandler)
+ // for chessbot
+ b := e.Group("/bot")
+ b.Use(middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {
+ if subtle.ConstantTimeCompare([]byte(username), []byte(app.config.BasicAuth.USERNAME)) == 1 &&
+ subtle.ConstantTimeCompare([]byte(password), []byte(app.config.BasicAuth.PASSWORD)) == 1 {
+ return true, nil
+ }
+ return false, nil
+ }))
+
+ b.GET("/lichess/members", app.getLichessTeamMemberHandler)
+ b.POST("/lichess/members", app.insertLichessTeamMemberHandler)
+ b.POST("/telegram/bot/users", app.insertTgUserHandler)
+ b.PUT("/telegram/bot/users", app.updateTgUserHandler)
+ b.GET("/telegram/bot/users/active", app.getActiveTgUserHandler)
 // user management
 e.POST("/users", app.registerUserHandler)
diff --git a/config/config.go b/config/config.go
index 4354a1a..a77cb87 100644
--- a/config/config.go
+++ b/config/config.go
@@ -12,6 +12,11 @@ type Config struct {
 PORT string
 ENV string
+ BasicAuth struct {
+ USERNAME string
+ PASSWORD string
+ }
+
 DB struct {
 DSN string
 MaxOpenConns int
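Review bot: In the BasicAuth validator in cmd/api/routes.go the `&&` short-circuits, so the password comparison is skipped whenever the username does not match, and `subtle.ConstantTimeCompare` returns immediately when the two lengths differ; response time can therefore distinguish a wrong username from a wrong password and hint at credential length. Assigning each `subtle.ConstantTimeCompare(...)` result to its own variable and ending with `return userOK&passOK == 1, nil` evaluates both unconditionally, and hashing both sides with SHA-256 before comparing would equalize the lengths. Separately, handlers registered on `e.Group("/bot")` are now served under `/bot/...`, so the Telegram endpoints become `/bot/telegram/bot/users`; that changes every client-facing path and doubles the `bot` segment, which is worth confirming as intended. routes() starts and ends outside the hunk.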