diff --git a/app/controllers/api/v0/base_controller.rb b/app/controllers/api/v0/base_controller.rb
index 4d76e83..7e939fd 100644
--- a/app/controllers/api/v0/base_controller.rb
+++ b/app/controllers/api/v0/base_controller.rb
@@ -107,7 +107,7 @@
             @token = token
             @user = User.find_by(api_token: token)
             # if no user found, return false, otherwise true
-            !@user.nil?
+            !@user.nil? && @user.can_use_api?
           else
             false
           end