diff --git a/PUSGS_Project/PUSGS_Project/Controllers/AviationController.cs b/PUSGS_Project/PUSGS_Project/Controllers/AviationController.cs
index 2b68a66..fd38af6 100644
--- a/PUSGS_Project/PUSGS_Project/Controllers/AviationController.cs
+++ b/PUSGS_Project/PUSGS_Project/Controllers/AviationController.cs
@@ -3,6 +3,8 @@
 using Core.Interfaces.Services;
 using Core.ViewModels.Aviation;
 using Core.ViewModels.Aviation.Requests;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
@@ -44,6 +46,7 @@ public async Task<object> Get(int id)
 
         // POST api/<controller>
         [HttpPost]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task<long> Post([FromBody]AddOrUpdateAviationCompanyRequestModel model)
         {
             return _aviationService.AddAviationCompanyAsync(model);
@@ -51,6 +54,7 @@ public Task<long> Post([FromBody]AddOrUpdateAviationCompanyRequestModel model)
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task Put(long id, [FromBody]AddOrUpdateAviationCompanyRequestModel model)
         {
             model.Id = id;
@@ -59,6 +63,7 @@ public Task Put(long id, [FromBody]AddOrUpdateAviationCompanyRequestModel model)
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task Delete(long id)
         {
             return _aviationService.DeleteAviationCompanyAsync(id);
diff --git a/PUSGS_Project/PUSGS_Project/Controllers/FlightController.cs b/PUSGS_Project/PUSGS_Project/Controllers/FlightController.cs
index 3699e83..589674b 100644
--- a/PUSGS_Project/PUSGS_Project/Controllers/FlightController.cs
+++ b/PUSGS_Project/PUSGS_Project/Controllers/FlightController.cs
@@ -2,11 +2,14 @@
 using Core.Interfaces.Services;
 using Core.ViewModels.Aviation;
 using Core.ViewModels.Aviation.Requests;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore.Metadata.Internal;
 using Microsoft.Extensions.Options;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net;
 using System.Threading.Tasks;
 
 namespace PUSGS_Project.Controllers
@@ -30,6 +33,7 @@ public FlightController(IFlightService flightService, IEmailService emailService
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task Delete(long id)
         {
             return _flightService.RemoveAsync(id);
@@ -56,12 +60,14 @@ public async Task<object> Get(long id)
 
         // POST api/<controller>
         [HttpPost]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task<long> Post([FromBody]AddFlightRequestModel model)
         {
             return _flightService.AddAsync(model);
         }
 
         [HttpPut("{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task Put(long id, [FromBody] UpdateFlightRequestModel model)
         {
             return _flightService.UpdateAsync(id, model);
@@ -78,12 +84,14 @@ public Task AcceptReservation(long id)
         }
 
         [HttpDelete("ticket/{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task CancelReservation(long id)
         {
             return _flightService.CancelReservationAsync(id);
         }
 
         [HttpPost("ticket")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public async Task<long> MakeReservation([FromBody]FlightTicketModel model)
         {
             var ticketId = await _flightService.MakeReservationAsync(model);
@@ -104,6 +112,7 @@ private Task SendTicketSuccessNotificationAsync(string email, FlightTicketModel
         }
 
         [HttpPost("ticket-invitation")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public async Task InviteFriends([FromBody]InviteFriendsRequestModel request)
         {
             var friendTickets = await _flightService.MakeFriendReservations(request.FlightTickets);
@@ -124,18 +133,21 @@ private Task SendInvitationAsync(FlightTicket ticket)
         }
 
         [HttpPost("quick-reservation")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task MakeQuickReservation([FromBody]QuickReservationRequestModel model)
         {
             return _flightService.MakeQuickReservationAsync(model);
         }
 
         [HttpDelete("quick-reservation/{id}")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task CancelQuickReservation(long id)
         {
             return _flightService.CancelQuickReservationAsync(id);
         }
 
         [HttpPost("rate")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         public Task RateFlight([FromBody]RateFlightRequestModel model)
         {
             return _flightService.RateAsync(model);