diff --git a/config.ru b/config.ru
index 8d3f596..c6074bd 100644
--- a/config.ru
+++ b/config.ru
@@ -6,9 +6,37 @@ Geminabox.data = '/srv/http'
 Geminabox.rubygems_proxy = true
 Geminabox.allow_remote_failure = true
 
-use Rack::Auth::Basic, 'Gems' do |username, password|
- username == ENV.fetch('HTTP_BASIC_USER', SecureRandom.hex) &&
- password == ENV.fetch('HTTP_BASIC_PASSWORD', SecureRandom.hex)
+# https://github.com/geminabox/geminabox/wiki/Http-Basic-Auth
+Geminabox::Server.helpers do
+ def protected!
+ unless authorized?
+ response['WWW-Authenticate'] = %(Basic realm="Geminabox")
+ halt 401, "No pushing or deleting without auth.\n"
+ end
+ end
+
+ def authorized?
+ @auth ||= Rack::Auth::Basic::Request.new(request.env)
+ @auth.provided? &&
+ @auth.basic? &&
+ @auth.credentials &&
+ @auth.credentials == [ENV.fetch('HTTP_BASIC_USER', SecureRandom.hex),
+ ENV.fetch('HTTP_BASIC_PASSWORD', SecureRandom.hex)]
+ end
+end
+
+Geminabox::Server.before '/upload' do
+ protected!
+end
+
+Geminabox::Server.before do
+ protected! if request.delete?
+end
+
+Geminabox::Server.before '/api/v1/gems' do
+ unless ENV['HTTP_AUTHORIZATION'] == 'API_KEY'
+ halt 401, "Access Denied. Api_key invalid or missing.\n"
+ end
 end
 
 use Rack::Session::Redis, redis_server: 'redis://redis:6379/2'
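Review bot: The `/api/v1/gems` filter tests `ENV['HTTP_AUTHORIZATION'] == 'API_KEY'`, which reads the server's process environment rather than the request's Authorization header and compares it with a literal placeholder string, so the result is the same for every client: all rejected while the variable is unset, all accepted if it is ever set to `API_KEY`. The check should read the header from `request.env` and compare it with a secret taken from configuration, failing closed the way `authorized?` does, e.g. `unless Rack::Utils.secure_compare(request.env['HTTP_AUTHORIZATION'].to_s, ENV.fetch('<API_KEY_VAR>', SecureRandom.hex))`, where `<API_KEY_VAR>` is a placeholder for whichever variable the deployment defines. The same constant-time comparison would suit the credentials check in `authorized?`, which currently uses `==` on the array. With `Rack::Auth::Basic` removed, every route other than `/upload`, DELETE requests and `/api/v1/gems` is now served without authentication; if that is intended, a comment above the filters such as `# Reads are public; only upload, delete and the push API require credentials.` would make it explicit.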