diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index 47cd7bc3..8c219004 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -79,6 +79,18 @@ object JavalinSetup {
 ctx.result(e.message ?: "Internal Server Error")
 }
 
+ app.before { ctx ->
+ fun credentialsValid(): Boolean {
+ val (username, password) = ctx.basicAuthCredentials()
+ return username == serverConfig.basicAuthUsername && password == serverConfig.basicAuthPassword
+ }
+
+ if (serverConfig.basicAuthEnabled && !(ctx.basicAuthCredentialsExist() && credentialsValid())) {
+ ctx.header("WWW-Authenticate", "Basic")
+ ctx.status(401).json("Unauthorized")
+ }
+ }
+
 app.routes {
 path("api/v1/") {
 GlobalAPI.defineEndpoints()
diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/ServerConfig.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/ServerConfig.kt
index a0c02506..0e977c02 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/ServerConfig.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/ServerConfig.kt
@@ -33,6 +33,11 @@ class ServerConfig(config: Config, moduleName: String = MODULE_NAME) : SystemPro
 val webUIInterface: String by overridableConfig
 val electronPath: String by overridableConfig
 
+ // Authentication
+ val basicAuthEnabled: Boolean by overridableConfig
+ val basicAuthUsername: String by overridableConfig
+ val basicAuthPassword: String by overridableConfig
+
 companion object {
 fun register(config: Config) = ServerConfig(config.getConfig(MODULE_NAME))
 }
diff --git a/server/src/main/resources/server-reference.conf b/server/src/main/resources/server-reference.conf
index 92768809..209bd02c 100644
--- a/server/src/main/resources/server-reference.conf
+++ b/server/src/main/resources/server-reference.conf
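Review bot: The `app.before` handler in JavalinSetup.kt sets the 401 status and body but then returns normally, and as far as I know Javalin does not skip the matched endpoint handler when a before-handler simply returns, so the route may still run and overwrite the response for an unauthenticated request. Throwing ends the request instead: keep the `WWW-Authenticate` header line and replace `ctx.status(401).json("Unauthorized")` with `throw UnauthorizedResponse()` (from `io.javalin.http`; the import block is outside this hunk). A test that calls an `api/v1/` route without credentials while `basicAuthEnabled` is true, asserting the 401 and that the handler did not execute, would pin this down. Separately, `password == serverConfig.basicAuthPassword` is not a constant-time comparison; `MessageDigest.isEqual(password.toByteArray(), serverConfig.basicAuthPassword.toByteArray())` removes the timing side channel.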
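Review bot: Nothing in the ServerConfig.kt hunk rejects an enabled-but-unconfigured state: `basicAuthUsername` and `basicAuthPassword` are plain strings whose reference defaults (the server-reference.conf hunk) are `""`, so setting only `basicAuthEnabled = true` would make the equality check in JavalinSetup.kt accept an empty username and password. A fail-fast check when the config is loaded closes that gap, for example `require(!basicAuthEnabled || (basicAuthUsername.isNotEmpty() && basicAuthPassword.isNotEmpty())) { "basicAuthEnabled requires a username and password" }`. The class body continues outside the hunk, so where it belongs (an `init` block placed after these properties, or `register`) needs confirming against the full file.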
@@ -16,3 +16,8 @@ server.webUIEnabled = true
 server.initialOpenInBrowserEnabled = true
 server.webUIInterface = "browser" # "browser" or "electron"
 server.electronPath = ""
+
+# Authentication
+server.basicAuthEnabled = false
+server.basicAuthUsername = ""
+server.basicAuthPassword = ""
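Review bot: The new keys under `# Authentication` are undocumented, and an operator reading this file cannot tell that `server.basicAuthPassword` is kept and compared as plaintext, or that HTTP Basic sends the credentials base64-encoded on every request. I would add two comment lines above the keys: `# HTTP Basic auth is only as private as the transport; expose the server over TLS (e.g. behind a reverse proxy)` and `# Set both a username and a password before enabling; the password is stored in plaintext, so restrict read access to the config file`. The empty-string defaults are worth calling out there as well, because enabling the flag without setting them leaves nothing meaningful to authenticate against.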