diff --git a/packages/nextjs/app/api/auth/siwe/route.tsx b/packages/nextjs/app/api/auth/siwe/route.tsx
index af27bbd..ebfd408 100644
--- a/packages/nextjs/app/api/auth/siwe/route.tsx
+++ b/packages/nextjs/app/api/auth/siwe/route.tsx
@@ -1,14 +1,15 @@
 import jwt from "jsonwebtoken";
 import { verifyMessage } from "viem";
+import { findUserByAddress } from "~~/services/database/users";
-// import { findUserByAddress } from "~~/services/database/users";
-
-// ToDo. Only for admins?
 export async function POST(request: Request) {
   const { signature, address } = await request.json();
 
   if (!process.env.JWT_SECRET) return new Response("Internal Server Error: JWT", { status: 500 });
   if (!signature || !address) return new Response("Bad Request", { status: 400 });
 
+  const user = await findUserByAddress(address);
+  if (!user.exists || user.data?.role !== "admin") return new Response("Unauthorized", { status: 401 });
+
   const signedMessage = `I want to sign in to grants.buidlguidl.com as ${address}`;
   const isMessageValid = await verifyMessage({ message: signedMessage, signature, address });