diff --git a/api/__init__.py b/api/__init__.py
index 3b4b209..2570be9 100644
--- a/api/__init__.py
+++ b/api/__init__.py
@@ -53,9 +53,16 @@ def create_app():
 @app.route('/presentation/', methods=['DELETE'])
 def delete_presentation(presentation):
+ data = request.get_json()
+ if not 'auth' in data or not _valid_credential(data['auth']):
+ return Response(response="Use correct credentials to access this endpoint", status=401)
+
 shutil.rmtree(os.path.join(storagedir, presentation))
 return Response(response='Deleted {}'.format(presentation))
+ def _valid_credential(pw):
+ return config['api']['password'] == pw
+
 @app.route('/presentation//')
 def serve_file(presentation, path):
 realpath = safe_join(storagedir, os.path.join(presentation, path))
@@ -115,7 +122,7 @@ def create_app():
 @app.route('/status/daemon')
 def daemon_status():
 running = False
- if daemon_detect.is_running():
+ if api.daemon_detect.is_running():
 running = True
 return Response(response=json.dumps({'running': running}), content_type='application/json')
diff --git a/config.ini.example b/config.ini.example
index bdf7fb0..f4f366a 100644
--- a/config.ini.example
+++ b/config.ini.example
@@ -2,6 +2,7 @@
 permission_url = https://example.com/perm
 cache_seconds = 30
 log_level = DEBUG
+password = dummy
 [db]
 database = somedatabase
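Review bot: In api/__init__.py, the check added to delete_presentation compares the secret with `==` in `_valid_credential`, which is not a constant-time comparison, and it indexes the request body before confirming it is a JSON object, so a missing or non-object body raises an exception instead of producing the 401. I would parse with `request.get_json(silent=True)`, require a dict, reject an empty configured password, and compare with `hmac.compare_digest` (this needs `import hmac` at the top of the file), as in the excerpt below. The unchanged `shutil.rmtree(os.path.join(storagedir, presentation))` line also deserves the same `safe_join` confinement that serve_file applies, since the URL segment is otherwise joined to storagedir unchecked; the route's converter is not visible here, so confirm what values it admits. create_app begins above the hunk and serve_file continues past its end.

```python
    def delete_presentation(presentation):
        # silent=True yields None instead of raising on a missing or non-JSON body
        data = request.get_json(silent=True)
        if not isinstance(data, dict) or not _valid_credential(data.get('auth')):
            return Response(response="Use correct credentials to access this endpoint", status=401)
        # … unchanged: rmtree of the presentation directory and the 'Deleted' response …

    def _valid_credential(pw):
        # assumes the configured value is a str — confirm against how config is loaded
        expected = config['api']['password']
        if not expected or not isinstance(pw, str):
            return False
        return hmac.compare_digest(expected.encode('utf-8'), pw.encode('utf-8'))
```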
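Review bot: In config.ini.example, the added `password = dummy` looks like a working secret and carries no comment saying it must be replaced, so a deployment that copies the example unchanged guards the DELETE endpoint with a publicly known value. I would add a comment line above it such as `# shared secret for DELETE /presentation - replace with a long random value before deploying`, and leave the value empty or an obvious placeholder that the application refuses to start with. The section header for this key lies above the hunk; presumably it is `[api]`, matching `config['api']['password']` in api/__init__.py.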