diff --git a/config.go b/config.go
index ea83adc..11451dc 100644
--- a/config.go
+++ b/config.go
@@ -36,9 +36,16 @@ type Sensor struct {
 	Verbose     bool    `json:"verbose"     yaml:"verbose"`
 }
 
+// User defines a user's configuration
+type User struct {
+	Name     string `json:"name" yaml:"name"`
+	Password string `json:"password" yaml:"password"`
+}
+
 // Config contains the applications configuration
 type Config struct {
 	Sensors           []Sensor `yaml:"sensors"`
+	Users             []User   `yaml:"users"`
 	BaseURL           string   `yaml:"baseurl"`
 	ListenAddr        string   `yaml:"listenaddr"`
 	DisplayFahrenheit bool     `yaml:"displayfahrenheit"`
diff --git a/config_test.go b/config_test.go
index 4eb03af..262dc96 100644
--- a/config_test.go
+++ b/config_test.go
@@ -8,6 +8,11 @@ import (
 
 func Test_LoadConfig(t *testing.T) {
 
+	testUser := User{
+		Name:     "foo",
+		Password: "bar",
+	}
+
 	testConfig := Config{
 		Sensors: []Sensor{
 			Sensor{
@@ -24,6 +29,7 @@ func Test_LoadConfig(t *testing.T) {
 				Verbose:     true,
 			},
 		},
+		Users:             []User{testUser},
 		BaseURL:           "https://foo.bar",
 		ListenAddr:        "127.0.0.1:8080",
 		DisplayFahrenheit: true,
diff --git a/tests/duplicate_alias.yml b/tests/duplicate_alias.yml
index beaec94..1a99214 100644
--- a/tests/duplicate_alias.yml
+++ b/tests/duplicate_alias.yml
@@ -21,6 +21,8 @@ sensors:
   coolinvert: false
   coolminutes: 10
   verbose: true
+users:
+- foo: bar
 baseurl: https://foo.bar
 listenaddr: 127.0.0.1:8080
 displayfahrenheit: true
diff --git a/tests/duplicate_id.yml b/tests/duplicate_id.yml
index ec7cc10..1fec0e1 100644
--- a/tests/duplicate_id.yml
+++ b/tests/duplicate_id.yml
@@ -21,6 +21,8 @@ sensors:
   coolinvert: false
   coolminutes: 10
   verbose: true
+users:
+- foo: bar
 baseurl: https://foo.bar
 listenaddr: 127.0.0.1:8080
 displayfahrenheit: true
diff --git a/tests/test_config.yml b/tests/test_config.yml
index 3cd901f..be677a7 100644
--- a/tests/test_config.yml
+++ b/tests/test_config.yml
@@ -10,6 +10,9 @@ sensors:
   coolinvert: false
   coolminutes: 10
   verbose: true
+users:
+  - name: foo
+    password: bar
 baseurl: https://foo.bar
 listenaddr: 127.0.0.1:8080
 displayfahrenheit: true
diff --git a/web.go b/web.go
index e5f5849..b71e094 100644
--- a/web.go
+++ b/web.go
@@ -40,6 +40,7 @@ func ConfigHandler(config *Config) gin.HandlerFunc {
 		} else if c.Param("alias") == "/" {
 			c.JSON(http.StatusOK, config.Sensors)
 		} else {
+			config.Users = nil // Never return the users in GET requests
 			c.JSON(http.StatusOK, config)
 		}
 	}
@@ -125,7 +126,7 @@ func SetupRouter(config *Config, states *map[string]State) *gin.Engine {
 	r.GET("/ping", PingHandler)
 
 	// API Endpoints
-	api := r.Group("/api")
+	api := r.Group("/api", gin.BasicAuth(GetGinAccounts(config)))
 	{
 		api.GET("/status", StatusHandler(states))
 		api.GET("/status/*alias", StatusHandler(states))
@@ -159,6 +160,15 @@ func reloadWebConfig(c *Config, p string) error {
 	return nil
 }
 
+// GetGinAccounts returns a gin.Accounts struct with values pulled from a Config struct
+func GetGinAccounts(config *Config) gin.Accounts {
+	var a gin.Accounts
+	for _, user := range config.Users {
+		a[user.Name] = user.Password
+	}
+	return a
+}
+
 // RunWeb launches a web server. sc is used to update the states from the Thermostats.
 func RunWeb(configpath string, sc <-chan State, wg *sync.WaitGroup) {
 	// Update sensor states when a new state comes back from the thermostat.