diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index d7c4650..d9ab86b 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -764,6 +764,10 @@ class StatsViewSet(viewsets.ViewSet, List):
         # {'data': 'Disarmed: Partition 1'}
         # {'data': 'Disarmed: Partition 2'}
 
+        auth_token = request.META.get('HTTP_AUTHORIZATION', '')
+        if secrets.VEND_API_TOKEN and auth_token != 'Bearer ' + secrets.ALARM_API_TOKEN:
+            raise exceptions.PermissionDenied()
+
         try:
             data = str(request.data['data'])
         except KeyError:
diff --git a/apiserver/apiserver/secrets.py.example b/apiserver/apiserver/secrets.py.example
index becf607..7a887dd 100644
--- a/apiserver/apiserver/secrets.py.example
+++ b/apiserver/apiserver/secrets.py.example
@@ -74,6 +74,12 @@ PRINTER_API_TOKEN = ''
 # head /dev/urandom | base32 | head -c 40
 PINBALL_API_TOKEN = ''
 
+# Alarm integration API token
+# Set this to random characters
+# For example, use the output of this:
+# head /dev/urandom | base32 | head -c 40
+ALARM_API_TOKEN = ''
+
 # Protospace general info
 DOOR_CODE = ''
 WIFI_PASS = ''