diff --git a/location_service/.env.sample b/location_service/.env.sample
index 94efe32..f377940 100644
--- a/location_service/.env.sample
+++ b/location_service/.env.sample
@@ -1 +1,2 @@
 DATABASE_URI="postgresql+psycopg2://user:password@host:port/database"
+AUTH_KEY=""
diff --git a/location_service/Dockerfile b/location_service/Dockerfile
index d174c74..3d25438 100644
--- a/location_service/Dockerfile
+++ b/location_service/Dockerfile
@@ -2,6 +2,7 @@ FROM python:3.11.4-buster
 RUN pip install --upgrade cython pip
 
 ENV DATABASE_URI=""
+ENV AUTH_KEY=""
 
 WORKDIR /usr/location_service
 
@@ -12,4 +13,4 @@ COPY . .
 
 
 EXPOSE 5000
-CMD [ "python", "src/main.py" ]
\ No newline at end of file
+CMD [ "python", "src/main.py", "--create-table", "true", "--seed-filename", "./uw_sample_gpx.csv"]
diff --git a/location_service/README.md b/location_service/README.md
index af63589..6e9f8c3 100644
--- a/location_service/README.md
+++ b/location_service/README.md
@@ -33,6 +33,13 @@ and the service will be running on [localhost:5000](http://localhost:5000/)
 ### `/all` [GET]
 
 Retruns all the data in the `location_service` database
+Expected body:
+
+```
+{
+    auth_key: <String>
+}
+```
 
 ### `/location` [POST]
 
@@ -41,7 +48,8 @@ Expected body:
 ```
 {
     lat: <Float>,
-    lon: <Float>
+    lon: <Float>,
+    auth_key: <String>
 }
 ```
 
diff --git a/location_service/src/main.py b/location_service/src/main.py
index ad4f1d3..dd7b5f4 100644
--- a/location_service/src/main.py
+++ b/location_service/src/main.py
@@ -12,6 +12,7 @@
 
 load_dotenv()
 DATABASE_URI = os.environ.get("DATABASE_URI")
+AUTH_KEY = os.environ.get("AUTH_KEY")
 
 
 parser = ArgumentParser()
@@ -74,6 +75,10 @@ def seed_from_csv(filename):
         db.session.commit()
 
 
+def authorized(auth_key):
+    return auth_key == AUTH_KEY
+
+
 @app.route("/", methods=["GET"])
 def index():
     return "location service"
@@ -81,6 +86,10 @@ def index():
 
 @app.route("/all", methods=["GET"])
 def all():
+    body = json.loads(request.data)
+    auth_key = body.get("auth_key", None)
+    if not authorized(auth_key):
+        return "Not authorized", 401
     locations = db.session.query(Location).order_by(asc(Location.id))
     return [l.to_dict() for l in locations]
 
@@ -90,6 +99,9 @@ def closest_location():
     body = json.loads(request.data)
     lat = body.get("lat", None)
     lon = body.get("lon", None)
+    auth_key = body.get("auth_key", None)
+    if not authorized(auth_key):
+        return "Not authorized", 401
     if lat is None or lon is None:
         return "Invalid request body", 400
     location = (