diff --git a/app/controllers/api/asciicasts_controller.rb b/app/controllers/api/asciicasts_controller.rb
index a1f3605..285b5dc 100644
--- a/app/controllers/api/asciicasts_controller.rb
+++ b/app/controllers/api/asciicasts_controller.rb
@@ -1,6 +1,8 @@
 module Api
   class AsciicastsController < BaseController
 
+    before_filter :ensure_authenticated!, only: :create
+
     respond_to :html, only: [:show]
 
     attr_reader :asciicast
diff --git a/spec/api/asciicast_create_spec.rb b/spec/api/asciicast_create_spec.rb
index aefe434..6c4b6b3 100644
--- a/spec/api/asciicast_create_spec.rb
+++ b/spec/api/asciicast_create_spec.rb
@@ -307,10 +307,13 @@ describe "Asciicast creation" do
   context 'format 1' do
     subject { make_request }
 
+    let(:username) { 'kill' }
+    let(:token) { 'f33e6188-f53c-11e2-abf4-84a6c827e88b' }
+
     def make_request(asciicast_path = '1/asciicast.json')
       post '/api/asciicasts',
         { asciicast: fixture_file(asciicast_path, 'application/json') },
-        headers('kill', 'f33e6188-f53c-11e2-abf4-84a6c827e88b', 'asciinema/1.0.0 gc/go1.3 jola-amd64')
+        headers(username, token, 'asciinema/1.0.0 gc/go1.3 jola-amd64')
     end
 
     before { subject }
@@ -405,6 +408,15 @@ describe "Asciicast creation" do
       end
     end
 
+    context 'when auth is not present' do
+      let(:username) { nil }
+      let(:token) { nil }
+
+      it 'returns 401 status' do
+        expect(response.status).to eq(401)
+      end
+    end
+
   end
 
 end