diff --git a/app/routers/bot.py b/app/routers/bot.py
index 93d3371..26fa242 100644
--- a/app/routers/bot.py
+++ b/app/routers/bot.py
@@ -9,6 +9,8 @@ bot_bp = Blueprint('bot', __name__)
 
 # ------- Discord Token Functions
 @bot_bp.route('/request_token', methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def request_token_route():
     """
     API endpoint to request a token for a client.
@@ -53,6 +55,8 @@ async def request_token_route():
 
 
 @bot_bp.route('/tokens/', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def get_all_discord_tokens():
     """
     API endpoint to return all discord IDs
@@ -68,6 +72,8 @@ async def get_all_discord_tokens():
 
 
 @bot_bp.route('/token/<string:discord_id_param>', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def get_discord_token_by_id(discord_id_param: str):
     """
     API endpoint to get a single Discord ID by its _id.
@@ -85,6 +91,8 @@ async def get_discord_token_by_id(discord_id_param: str):
 
 
 @bot_bp.route('/token', methods=["POST"])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def create_discord_token():
     """
     API Endpoint to create a discord token (adding a new bot)
@@ -121,6 +129,8 @@ async def create_discord_token():
 
 
 @bot_bp.route('/token/<string:discord_id_param>', methods=['PUT'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def update_discord_token(discord_id_param: str):
     """
     API endpoint to update a Discord ID by its _id.
@@ -148,6 +158,8 @@ async def update_discord_token(discord_id_param: str):
 
 
 @bot_bp.route('/token/<string:discord_id_param>', methods=['DELETE'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def delete_discord_token(discord_id_param: str):
     """
     API endpoint to delete a Discord ID by its _id.
diff --git a/app/routers/nodes.py b/app/routers/nodes.py
index 3c2f552..4c1f1ea 100644
--- a/app/routers/nodes.py
+++ b/app/routers/nodes.py
@@ -4,7 +4,7 @@ import websockets
 from quart import Blueprint, jsonify, request, abort, current_app
 from werkzeug.exceptions import HTTPException
 from enum import Enum
-from internal.types import ActiveClient, NodeCommands
+from internal.types import ActiveClient, NodeCommands, UserRoles
 import uuid # Import uuid for generating unique request IDs
 
 nodes_bp = Blueprint('nodes', __name__)
@@ -135,12 +135,16 @@ async def send_command_to_all_clients(command_name, *args):
 
 
 @nodes_bp.route("/", methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def get_nodes():
     """API endpoint to list currently connected client IDs."""
     return jsonify(list(current_app.active_clients.keys()))
 
 
 @nodes_bp.route("/online", methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def get_online_bots():
     active_bots = []
     for client_id, active_client in current_app.active_clients.items():
@@ -150,6 +154,8 @@ async def get_online_bots():
 
 
 @nodes_bp.route("/<client_id>/status", methods=["GET"])
+@jwt_required
+@role_required(UserRoles.USER)
 async def status(client_id):
     """
     Get the status from a given client
@@ -172,6 +178,8 @@ async def status(client_id):
 
 
 @nodes_bp.route("/<client_id>/join", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def join(client_id):
     """
     Send a join command to the specific system specified
@@ -202,6 +210,8 @@ async def join(client_id):
 
 
 @nodes_bp.route("/<client_id>/leave", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def leave(client_id):
     """
     Send a leave command to the specific node
@@ -230,6 +240,8 @@ async def leave(client_id):
 
 
 @nodes_bp.route("/<client_id>/op25_start", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def op25_start(client_id):
     """
     Send an OP25 start command to the specific node
@@ -249,6 +261,8 @@ async def op25_start(client_id):
 
 
 @nodes_bp.route("/<client_id>/op25_stop", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def op25_stop(client_id):
     """
     Send an OP25 stop command to the specific node
@@ -268,6 +282,8 @@ async def op25_stop(client_id):
 
 
 @nodes_bp.route("/<client_id>/op25_set", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def op25_set(client_id):
     """
     Send an OP25 set config command to the specific node
diff --git a/app/routers/systems.py b/app/routers/systems.py
index bbbdfb5..31c00b3 100644
--- a/app/routers/systems.py
+++ b/app/routers/systems.py
@@ -6,6 +6,8 @@ systems_bp = Blueprint('systems', __name__)
 
 
 @systems_bp.route("/", methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def create_system_route():
     """API endpoint to create a new system."""
     print("\n--- Handling POST /systems ---")
@@ -50,6 +52,8 @@ async def create_system_route():
 
 
 @systems_bp.route('/', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def list_systems_route():
     """API endpoint to get a list of all systems."""
     print("\n--- Handling GET /systems ---")
@@ -65,6 +69,8 @@ async def list_systems_route():
 
 
 @systems_bp.route('/<string:system_id>', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def get_system_route(system_id: str):
     """API endpoint to get details for a specific system by ID."""
     print(f"\n--- Handling GET /systems/{system_id} ---")
@@ -86,6 +92,8 @@ async def get_system_route(system_id: str):
 
 
 @systems_bp.route('/client/<string:client_id>', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.USER)
 async def get_system_by_client_route(client_id: str):
     """API endpoint to get details for a specific system by ID."""
     print(f"\n--- Handling GET /systems/client/{client_id} ---")
@@ -107,6 +115,8 @@ async def get_system_by_client_route(client_id: str):
 
 
 @systems_bp.route('/<string:system_id>', methods=['PUT'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def update_system_route(system_id: str):
     try:
         updated_system_data = await request.get_json()
@@ -132,6 +142,8 @@ async def update_system_route(system_id: str):
 
 
 @systems_bp.route('/<string:system_id>', methods=['DELETE'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def delete_system_route(system_id: str):
     try:
         query = {"_id": system_id}
@@ -149,6 +161,8 @@ async def delete_system_route(system_id: str):
         abort(500, f"An internal error occurred: {e}")
 
 @systems_bp.route('/<string:system_id>/assign', methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def assign_client_to_system_route(system_id: str):
     """
     API endpoint to assign a client ID to a system's available_on_nodes list.
@@ -205,6 +219,8 @@ async def assign_client_to_system_route(system_id: str):
 
 
 @systems_bp.route('/<string:system_id>/dismiss', methods=['POST'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def dismiss_client_from_system_route(system_id: str):
     """
     API endpoint to dismiss (remove) a client ID from a system's available_on_nodes list.
@@ -263,6 +279,8 @@ async def dismiss_client_from_system_route(system_id: str):
 
 
 @systems_bp.route('/search', methods=['GET'])
+@jwt_required
+@role_required(UserRoles.MOD)
 async def search_systems_route():
     """
     API endpoint to search for systems based on query parameters.