diff --git a/src/app/api/shutdown/route.js b/src/app/api/shutdown/route.js
index 7ce76ef9..bf7ff107 100644
--- a/src/app/api/shutdown/route.js
+++ b/src/app/api/shutdown/route.js
@@ -1,6 +1,18 @@
 import { NextResponse } from "next/server";
+import { headers } from "next/headers";
 
 export async function POST() {
+  if (process.env.NODE_ENV === "production") {
+    return NextResponse.json({ success: false, message: "Not allowed in production" }, { status: 403 });
+  }
+
+  const secret = process.env.SHUTDOWN_SECRET;
+  const authorization = headers().get("authorization");
+
+  if (!secret || authorization !== `Bearer ${secret}`) {
+    return NextResponse.json({ success: false, message: "Unauthorized" }, { status: 401 });
+  }
+
   const response = NextResponse.json({ success: true, message: "Shutting down..." });
 
   setTimeout(() => {