diff --git a/lib/http/server.js b/lib/http/server.js
index e04bb141..c90641e1 100644
--- a/lib/http/server.js
+++ b/lib/http/server.js
@@ -1269,6 +1269,9 @@ HTTPServer.prototype._initIO = function _initIO() {
       if (blocks != null && !utils.isNumber(blocks))
         return callback({ error: 'Invalid parameter.' });
 
+      if (!socket.api)
+        return callback({ error: 'Not authorized.' });
+
       if (!self.fees) {
         rate = self.network.feeRate;
         rate = utils.btc(rate);
@@ -1288,6 +1291,9 @@ HTTPServer.prototype._initIO = function _initIO() {
       if (!utils.isHex(data))
         return callback({ error: 'Invalid parameter.' });
 
+      if (!socket.api)
+        return callback({ error: 'Not authorized.' });
+
       try {
         tx = TX.fromRaw(data, 'hex');
       } catch (e) {