diff --git a/CHANGELOG.md b/CHANGELOG.md
index 18c59f56fa5d7bd3a179c7e443a157b57afd3f4b..e210c2b153d2457c91079eb691f6f6055b6284bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+## [1.0.16-RELEASE]
+### Added
+- Added request authorisation check.
+### Changed
+- Changes in existing functionality.
+
+### Deprecated
+- Soon-to-be removed features.
+
+### Removed
+- Features that have been removed.
+
+### Fixed
+- Any bug fixes.
 ## [1.0.15-RELEASE]
 ### Added
 - User Statistics
diff --git a/pom.xml b/pom.xml
index a187f536b6ab08f776e1ab331918d51a7e8db6a1..eb6cf6ccb6df7b5d9da385ab4931025dba22245b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>com.marketingconfort</groupId>
 		<artifactId>mc-starter-parent</artifactId>
-		<version>1.0.45-RELEASE</version>
+		<version>1.0.46-RELEASE</version>
 		<relativePath/>
 	</parent>
 	<groupId>com.marketingconfort</groupId>
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java b/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java
index b8e6a1a4471b9eb52acebb3d0aed61abb6ee242b..28bed04ffe5fa1e9e34a92992e22450772e9f614 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/AddressController.java
@@ -9,6 +9,7 @@ import com.marketingconfort.mydressin.service.AddressService;
 import lombok.AllArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -20,42 +21,55 @@ public class AddressController {
 
     private final AddressService addressService;
 
+
     @GetMapping(Paths.ADDRESS_ROOT)
-    public ResponseEntity<List<AddressDTO>> getAllAddresses() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<AddressDTO>> getAllAddresses(@RequestHeader String requestAuthorization) {
         List<AddressDTO> addresses = addressService.getAllAddresses();
         return ResponseEntity.ok(addresses);
     }
+
     @GetMapping(Paths.ADDRESSES_BY_CLIENT_EMAIL)
-    public ResponseEntity<List<AddressDTO>> getAddressByClientEmail( @PathVariable String email) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<AddressDTO>> getAddressByClientEmail(
+            @PathVariable String email, @RequestHeader String requestAuthorization) {
         List<AddressDTO> addresses = addressService.getAddressByClientEmail(email);
         return ResponseEntity.ok(addresses);
     }
 
     @GetMapping(Paths.ADDRESS_BY_ID)
-    public ResponseEntity<AddressDTO> getAddressById(@PathVariable Long id) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<AddressDTO> getAddressById(@PathVariable Long id, @RequestHeader String requestAuthorization) {
         AddressDTO address = addressService.getAddressById(id);
         return ResponseEntity.ok(address);
     }
 
     @PostMapping(Paths.ADDRESS_ADD)
-    public ResponseEntity<AddressDTO> addAddress(@RequestBody SaveAddressRequest saveAddressRequest) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<AddressDTO> addAddress(
+            @RequestBody SaveAddressRequest saveAddressRequest, @RequestHeader String requestAuthorization) {
         AddressDTO addAddress = addressService.addAddress(saveAddressRequest);
         return ResponseEntity.ok(addAddress);
     }
 
     @PutMapping(Paths.ADDRESS_UPDATE)
-    public ResponseEntity<AddressDTO> updateAddress(@RequestBody AddressDTO addressDTO) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<AddressDTO> updateAddress(@RequestBody AddressDTO addressDTO, @RequestHeader String requestAuthorization) {
         AddressDTO updatedAddress = addressService.updateAddress(addressDTO);
         return ResponseEntity.ok(updatedAddress);
     }
 
     @DeleteMapping(Paths.ADDRESS_DELETE)
-    public ResponseEntity<Void> deleteAddress(@PathVariable Long id) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<Void> deleteAddress(@PathVariable Long id, @RequestHeader String requestAuthorization) {
         addressService.deleteAddress(id);
         return ResponseEntity.noContent().build();
     }
+
     @PostMapping(Paths.PRIMARY_ADDRESS)
-    public ResponseEntity<String> setPrimaryAddress(@RequestBody SetPrimaryAddressRequest setPrimaryAddressRequest) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<String> setPrimaryAddress(
+            @RequestBody SetPrimaryAddressRequest setPrimaryAddressRequest, @RequestHeader String requestAuthorization) {
         try {
             addressService.setPrimaryAddress(setPrimaryAddressRequest);
             return ResponseEntity.ok("L'adresse principale a été définie avec succès.");
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java b/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java
index 393e1add2d636d9ca6ed74a0d2929a9f524aeb80..b94a4c6a813544b73f236ce30198b13179730480 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/DriverController.java
@@ -6,10 +6,8 @@ import com.marketingconfort.mydressin.dto.UserDTO;
 import com.marketingconfort.mydressin.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
@@ -22,13 +20,15 @@ public class DriverController {
 
 
     @GetMapping
-    public ResponseEntity<List<UserDTO>> getAllDrivers() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<UserDTO>> getAllDrivers(@RequestHeader String requestAuthorization) {
         List<UserDTO> drivers = userService.getAllDrivers();
         return ResponseEntity.ok(drivers);
     }
 
     @GetMapping("/{driverId}")
-    public ResponseEntity<UserDTO> getDriverById(@PathVariable Long driverId) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<UserDTO> getDriverById(@PathVariable Long driverId, @RequestHeader String requestAuthorization) {
         UserDTO driver = userService.getUserByRoleAndId("DRIVER", driverId);
         return ResponseEntity.ok(driver);
     }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java b/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java
index 877f573b107c1f0c16c08bc335f17cd3aabf6f5c..8f1ab2abeb91de6822ddf02ecae5b37c2fefdd75 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/LiveClientController.java
@@ -6,6 +6,7 @@ import com.marketingconfort.mydressin.dto.LiveClientResponse;
 import com.marketingconfort.mydressin.service.LiveClientService;
 import lombok.AllArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -18,32 +19,38 @@ public class LiveClientController {
     private LiveClientService liveClientService;
 
     @GetMapping(Paths.CLIENTS_GET)
-    public ResponseEntity<List<LiveClientResponse>> getAllClients() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<LiveClientResponse>> getAllClients(@RequestHeader String requestAuthorization) {
         List<LiveClientResponse> clients = liveClientService.getAllClients();
         return ResponseEntity.ok(clients);
     }
 
     @PutMapping(Paths.CLIENTS_UPDATE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public ResponseEntity<LiveClientDTO> updateClient(
             @PathVariable("id") long id,
-            @RequestBody LiveClientDTO liveClientDTO) {
+            @RequestBody LiveClientDTO liveClientDTO,
+            @RequestHeader String requestAuthorization) {
         LiveClientDTO updatedClient = liveClientService.updateClient(id, liveClientDTO);
         return ResponseEntity.ok(updatedClient);
     }
 
     @PutMapping(Paths.CLIENTS_Ban_client)
-    public ResponseEntity<LiveClientDTO> banClient(@PathVariable Long clientId) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<LiveClientDTO> banClient(@PathVariable Long clientId, @RequestHeader String requestAuthorization) {
         LiveClientDTO updatedClient = liveClientService.banClient(clientId);
         return ResponseEntity.ok(updatedClient);
     }
 
     @PutMapping(Paths.CLIENTS_Unban_client)
-    public ResponseEntity<LiveClientDTO> unbanClient(@PathVariable Long clientId) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<LiveClientDTO> unbanClient(@PathVariable Long clientId, @RequestHeader String requestAuthorization) {
         LiveClientDTO updatedClient = liveClientService.unbanClient(clientId);
         return ResponseEntity.ok(updatedClient);
     }
     @PostMapping(Paths.CLIENTS_get)
-    public ResponseEntity<List<LiveClientDTO>> getClientsByUid(@RequestBody List<Long> clientsUid) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<LiveClientDTO>> getClientsByUid(@RequestBody List<Long> clientsUid, @RequestHeader String requestAuthorization) {
         List<LiveClientDTO> clients = liveClientService.getClientsByUid(clientsUid);
         return ResponseEntity.ok(clients);
     }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java b/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java
index 5bacde2903e1190b4d9cb22e51eeadb56d8b9505..1d85518576e73d92c1ad83fa3f90b390cfe0af57 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/RecaptchaController.java
@@ -4,19 +4,27 @@ import com.marketingconfort.mydressin.constants.Paths;
 import com.marketingconfort.mydressin.service.RecaptchaService;
 import lombok.AllArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @AllArgsConstructor
 @RestController
 @RequestMapping(Paths.USER_BASE)
 public class RecaptchaController {
+
     private final RecaptchaService recaptchaService;
+
+
     @GetMapping(Paths.VALIDATE_RECAPTCHA)
-    public ResponseEntity<Boolean> validateTokenRecaptcha(@PathVariable String token) throws Exception {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<Boolean> validateTokenRecaptcha(@PathVariable String token, @RequestHeader String requestAuthorization) throws Exception {
             return ResponseEntity.ok(recaptchaService.validateToken(token));
     }
+
     @GetMapping(Paths.RETURN_SITE_KEY)
-    public ResponseEntity<String> returnSiteKey(){
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<String> returnSiteKey(@RequestHeader String requestAuthorization){
             return ResponseEntity.ok(recaptchaService.returnCaptchaSiteKey());
     }
+
 }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java b/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java
index d5d1b0228f81821dcdc9bf6ada2936fd237b6b12..9f88bfb83c59ddb4522fcadaa11fa1f49a48e236 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/RoleController.java
@@ -8,62 +8,69 @@ import com.marketingconfort.mydressin.service.RoleService;
 import lombok.AllArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
-    @RestController
-    @RequestMapping(Paths.ROLE_BASE)
-    @AllArgsConstructor
-    public class RoleController {
+@RestController
+@RequestMapping(Paths.ROLE_BASE)
+@AllArgsConstructor
+public class RoleController {
 
-        private final RoleService roleService;
+    private final RoleService roleService;
 
-        @GetMapping(Paths.ROLE_ROOT)
-        public ResponseEntity<List<RoleDTO>> getAllRoles() {
-            List<RoleDTO> roles = roleService.getAllRoles();
-            return new ResponseEntity<>(roles, HttpStatus.OK);
-        }
 
-        @GetMapping(Paths.ROLE_BY_ID)
-        public ResponseEntity<RoleDTO> getRoleById(@PathVariable Long id) {
-            try {
-                RoleDTO role = roleService.getRoleById(id);
-                return new ResponseEntity<>(role, HttpStatus.OK);
-            } catch (BusinessException e) {
-                return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
-            }
-        }
+    @GetMapping(Paths.ROLE_ROOT)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<RoleDTO>> getAllRoles(@RequestHeader String requestAuthorization) {
+        List<RoleDTO> roles = roleService.getAllRoles();
+        return new ResponseEntity<>(roles, HttpStatus.OK);
+    }
 
-        @PostMapping(Paths.ROLE_ADD)
-        public ResponseEntity<RoleDTO> addRole(@RequestBody RoleDtoSave roleDtoSave) {
-            try {
-                RoleDTO createdRole = roleService.addRole(roleDtoSave);
-                return new ResponseEntity<>(createdRole, HttpStatus.CREATED);
-            } catch (BusinessException e) {
-                return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
-            }
+    @GetMapping(Paths.ROLE_BY_ID)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<RoleDTO> getRoleById(@PathVariable Long id, @RequestHeader String requestAuthorization) {
+        try {
+            RoleDTO role = roleService.getRoleById(id);
+            return new ResponseEntity<>(role, HttpStatus.OK);
+        } catch (BusinessException e) {
+            return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
         }
+    }
 
-        @PutMapping(Paths.ROLE_UPDATE)
-        public ResponseEntity<RoleDTO> updateRole(@PathVariable Long id, @RequestBody RoleDtoSave roleDTO) {
-            try {
-                RoleDTO updatedRole = roleService.updateRole(id, roleDTO);
-                return new ResponseEntity<>(updatedRole, HttpStatus.OK);
-            } catch (BusinessException e) {
-                return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
-            }
+    @PostMapping(Paths.ROLE_ADD)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<RoleDTO> addRole(@RequestBody RoleDtoSave roleDtoSave, @RequestHeader String requestAuthorization) {
+        try {
+            RoleDTO createdRole = roleService.addRole(roleDtoSave);
+            return new ResponseEntity<>(createdRole, HttpStatus.CREATED);
+        } catch (BusinessException e) {
+            return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
         }
+    }
 
-        @DeleteMapping(Paths.ROLE_DELETE)
-        public ResponseEntity<Void> deleteRole(@PathVariable Long id) {
-            try {
-                roleService.removeRole(id);
-                return new ResponseEntity<>(HttpStatus.NO_CONTENT);
-            } catch (BusinessException e) {
-                return new ResponseEntity<>(HttpStatus.NOT_FOUND);
-            }
+    @PutMapping(Paths.ROLE_UPDATE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<RoleDTO> updateRole(
+            @PathVariable Long id, @RequestBody RoleDtoSave roleDTO, @RequestHeader String requestAuthorization) {
+        try {
+            RoleDTO updatedRole = roleService.updateRole(id, roleDTO);
+            return new ResponseEntity<>(updatedRole, HttpStatus.OK);
+        } catch (BusinessException e) {
+            return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
         }
     }
 
+    @DeleteMapping(Paths.ROLE_DELETE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<Void> deleteRole(@PathVariable Long id, @RequestHeader String requestAuthorization) {
+        try {
+            roleService.removeRole(id);
+            return new ResponseEntity<>(HttpStatus.NO_CONTENT);
+        } catch (BusinessException e) {
+            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+        }
+    }
 
+}
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java b/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java
index 6dd38ce25ee35b9b18b12f5ba832f2a55cb14b59..f2b94d75005ff3aac3a7237cf9db41b42fc5bf45 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/StatisticsController.java
@@ -4,10 +4,8 @@ import com.marketingconfort.mydressin.constants.Paths;
 import com.marketingconfort.mydressin.service.StatisticsService;
 import com.marketingconfort.starter.core.exceptions.FunctionalException;
 import org.springframework.format.annotation.DateTimeFormat;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.Date;
 import java.util.List;
@@ -24,18 +22,22 @@ public class StatisticsController {
     }
 
     @GetMapping("/count")
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public Long getUsersCountByRolesAndDateRange(
             @RequestParam(required = false) List<String> roleName,
             @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date startDate,
-            @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate) throws FunctionalException {
+            @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate,
+            @RequestHeader String requestAuthorization) throws FunctionalException {
 
         return statisticsService.countUsersByRolesAndDateRange(roleName, startDate, endDate);
     }
 
     @GetMapping("/countByTag")
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public Long getUsersCountByTagAndDateRange(
             @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date startDate,
-            @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate) {
+            @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date endDate,
+            @RequestHeader String requestAuthorization) {
 
         return statisticsService.countUsersByTagAndDateRange(startDate, endDate);
     }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java b/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java
index 26327f81b416d7d515de7563d00e623e81d4e62a..3c7437827965335e164c9d34bcfa42718354f849 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/SupplierController.java
@@ -11,13 +11,13 @@ import com.marketingconfort.starter.core.exceptions.FunctionalException;
 import com.marketingconfort.starter.core.exceptions.TechnicalException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
 @RestController
 @RequestMapping(Paths.SUPPLIER)
-
 public class SupplierController {
 
     private final SupplierService supplierService;
@@ -26,47 +26,66 @@ public class SupplierController {
         this.supplierService = supplierService;
     }
 
+
     @GetMapping
-    public ResponseEntity<List<SupplierDTO>> getAllSuppliers() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<SupplierDTO>> getAllSuppliers(@RequestHeader String requestAuthorization) {
         List<SupplierDTO> suppliers = supplierService.getAllSuppliers();
         return ResponseEntity.ok(suppliers);
     }
+
     @GetMapping("/notArchived")
-    public ResponseEntity<List<SupplierDTO>> getNotArchivesSuppliers() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<SupplierDTO>> getNotArchivesSuppliers(@RequestHeader String requestAuthorization) {
         List<SupplierDTO> suppliers = supplierService.getNotArchivedSuppliers();
         return ResponseEntity.ok(suppliers);
     }
+
     @GetMapping("/{supplierId}")
-    public ResponseEntity<SupplierDTO> getSupplierById(@PathVariable Long supplierId) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<SupplierDTO> getSupplierById(
+            @PathVariable Long supplierId, @RequestHeader String requestAuthorization) {
         SupplierDTO supplier = supplierService.getSupplierById(supplierId);
         return ResponseEntity.ok(supplier);
     }
 
     @PostMapping(Paths.ADD_SUPPLIER)
-    public ResponseEntity<SupplierDTO> addSupplier (@RequestBody SaveSupplierRequest saveSupplierRequest) throws TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<SupplierDTO> addSupplier (
+            @RequestBody SaveSupplierRequest saveSupplierRequest,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
         SupplierDTO response = supplierService.saveSupplier(saveSupplierRequest);
         return ResponseEntity.ok(response);
     }
-    @PutMapping("/update")
-    public SupplierDTO updateSupplier(@RequestBody SupplierDTO supplierDTO) {
-            return supplierService.updateSupplier(supplierDTO);
-    }
-
-    @DeleteMapping("/delete/{id}")
-    public void deleteSupplier(@PathVariable Long id) {
-        supplierService.deleteSupplier(id);
-    }
 
     @PutMapping("/{id}/{isArchived}")
-    public ResponseEntity<String> archiveSupplier(@PathVariable("id") Long supplierId, @PathVariable boolean isArchived) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<String> archiveSupplier(
+            @PathVariable("id") Long supplierId,
+            @PathVariable boolean isArchived,
+            @RequestHeader String requestAuthorization) {
         supplierService.archiveSupplier(supplierId, isArchived);
         String message = isArchived ? "Fournisseur archivé avec succès." : "Fournisseur désarchivé avec succès.";
         return ResponseEntity.ok(message);
     }
+
     @GetMapping("/archived")
-    public ResponseEntity<List<SupplierDTO>> getArchivedSuppliers() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<SupplierDTO>> getArchivedSuppliers(@RequestHeader String requestAuthorization) {
         List<SupplierDTO> suppliers = supplierService.getArchivedSuppliers();
         return ResponseEntity.ok(suppliers);
     }
 
+    @PutMapping("/update")
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public SupplierDTO updateSupplier(@RequestBody SupplierDTO supplierDTO, @RequestHeader String requestAuthorization) {
+        return supplierService.updateSupplier(supplierDTO);
+    }
+
+    @DeleteMapping("/delete/{id}")
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public void deleteSupplier(@PathVariable Long id, @RequestHeader String requestAuthorization) {
+        supplierService.deleteSupplier(id);
+    }
+
 }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java b/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java
index 2ad0066e3d59111281406b4ff364858d9b72b073..a942345112ac563ed88ffa1c01ec55241a1cc82e 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/UnregisteredClientController.java
@@ -8,6 +8,7 @@ import com.marketingconfort.mydressin.service.UnregisteredClientService;
 import lombok.AllArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -19,20 +20,25 @@ public class UnregisteredClientController {
 
     private final UnregisteredClientService unregisteredClientService;
 
+
     @PostMapping(Paths.UNREGISTERED_CLIENT_ADD)
-    public ResponseEntity<UnregisteredClientDTO> createUnregisteredClient(@RequestParam String pseudo) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<UnregisteredClientDTO> createUnregisteredClient(
+            @RequestParam String pseudo, @RequestHeader String requestAuthorization) {
         UnregisteredClientDTO clientDTO = unregisteredClientService.createUnregisteredClient(pseudo);
         return ResponseEntity.ok(clientDTO);
     }
 
     @GetMapping(Paths.UNREGISTERED_CLIENT_ROOT)
-    public ResponseEntity<List<UnregisteredClientDTO>> getAllUnregisteredClients() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<UnregisteredClientDTO>> getAllUnregisteredClients(@RequestHeader String requestAuthorization) {
         List<UnregisteredClientDTO> clients = unregisteredClientService.getAllUnregisteredClients();
         return ResponseEntity.ok(clients);
     }
 
     @DeleteMapping(Paths.UNREGISTERED_CLIENT_DELETE)
-    public ResponseEntity<Void> deleteUnregisteredClient(@PathVariable Long id) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<Void> deleteUnregisteredClient(@PathVariable Long id, @RequestHeader String requestAuthorization) {
         boolean isRemoved = unregisteredClientService.deleteUnregisteredClientById(id);
         if (!isRemoved) {
             return new ResponseEntity<>(HttpStatus.NOT_FOUND);
@@ -41,9 +47,11 @@ public class UnregisteredClientController {
     }
 
     @PostMapping(Paths.UNREGISTERED_CLIENT_ASSOCIATE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public ResponseEntity<?> associateAndDeleteUnregisteredClient(
             @RequestParam Long unregisteredClientId,
-            @RequestParam Long newUserId) {
+            @RequestParam Long newUserId,
+            @RequestHeader String requestAuthorization) {
 
         try {
             unregisteredClientService.associateAndDeleteUnregisteredClient(unregisteredClientId, newUserId);
@@ -52,12 +60,16 @@ public class UnregisteredClientController {
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to associate and delete unregistered client");
         }
     }
+
     @PostMapping(Paths.UNREGISTERED_CLIENT_BY_IDS)
-    public ResponseEntity<List<LiveClientDTO>> getUnregisteredClientsByIds(@RequestBody List<Long> ids) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<LiveClientDTO>> getUnregisteredClientsByIds(
+            @RequestBody List<Long> ids, @RequestHeader String requestAuthorization) {
         List<LiveClientDTO> clients = unregisteredClientService.getUnregisteredClientsByIds(ids);
         if (clients.isEmpty()) {
             return ResponseEntity.noContent().build();
         }
         return ResponseEntity.ok(clients);
     }
+
 }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UserController.java b/src/main/java/com/marketingconfort/mydressin/controller/UserController.java
index e0902642ba281d5b391deba1a7fe43e1f70f3123..0bf0ba41467d1d760c0e7ff9ae545525cc38f12f 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/UserController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/UserController.java
@@ -2,7 +2,6 @@ package com.marketingconfort.mydressin.controller;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.marketingconfort.mydressin.common.user.enumerations.UserStatus;
 import com.marketingconfort.mydressin.constants.Paths;
 import com.marketingconfort.mydressin.dto.*;
 import com.marketingconfort.mydressin.error.BusinessException;
@@ -15,14 +14,13 @@ import com.marketingconfort.starter.core.exceptions.FunctionalException;
 import com.marketingconfort.starter.core.exceptions.S3FunctionalException;
 import com.marketingconfort.starter.core.exceptions.TechnicalException;
 import com.marketingconfort.starter.core.services.AuthService;
-import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.io.IOException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -36,29 +34,34 @@ public class UserController {
 
 
     @GetMapping(Paths.USER_ROOT)
-    public Map<String, Object> getAllUsers() {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public Map<String, Object> getAllUsers(@RequestHeader String requestAuthorization) {
         return userService.getAllUsers();
     }
 
     @GetMapping(Paths.USER_BY_ID)
-    public Object getById(@PathVariable Long id) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public Object getById(@PathVariable Long id, @RequestHeader String requestAuthorization) {
         return userService.getUserById(id);
     }
 
     @GetMapping(Paths.USER_BY_EMAIL)
-    public UserDTO getUserByEmail(@PathVariable String email)  {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserDTO getUserByEmail(@PathVariable String email, @RequestHeader String requestAuthorization)  {
         return userService.getUserByEmail(email);
     }
 
     @GetMapping(Paths.CLIENT_STATISTICS)
-    public ClientStats clientStatistics(@PathVariable String email)  {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ClientStats clientStatistics(@PathVariable String email, @RequestHeader String requestAuthorization)  {
         return userService.clientStatistics(email);
     }
 
     @PostMapping(Paths.USER_ADD)
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public UserDTO saveUser(@RequestParam("user") String userdtoJson,
-                            @RequestParam(value = "imageFile", required = false) MultipartFile imageFile) throws TechnicalException, FunctionalException, S3FunctionalException {
+                            @RequestParam(value = "imageFile", required = false) MultipartFile imageFile,
+                            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException, S3FunctionalException {
         ObjectMapper objectMapper = new ObjectMapper();
         SaveUserRequest saveUserRequest;
         try {
@@ -68,8 +71,11 @@ public class UserController {
         }
         return userService.saveUser(saveUserRequest, imageFile);
     }
+
     @PostMapping(path = Paths.UPLOAD, consumes = {"multipart/form-data"})
-    public ResponseEntity<String> uploadImage(@RequestPart("imageFile") MultipartFile imageFile) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<String> uploadImage(@RequestPart("imageFile") MultipartFile imageFile,
+                                              @RequestHeader String requestAuthorization) {
         try {
             String imageUrl = userService.uploadImage(imageFile);
             return ResponseEntity.ok(imageUrl);
@@ -77,9 +83,13 @@ public class UserController {
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(e.getMessage());
         }
     }
+
     @PutMapping(Paths.USER_UPDATE)
-//@PreAuthorize("hasRole('ADMIN')")
-    public ResponseEntity<UserDTO> updateUser(@RequestParam(value = "imageFile", required = false) MultipartFile imageFile, @RequestParam("userDto") String userDtoJson) throws S3FunctionalException, TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<UserDTO> updateUser(
+            @RequestParam(value = "imageFile", required = false) MultipartFile imageFile,
+            @RequestParam("userDto") String userDtoJson,
+            @RequestHeader String requestAuthorization) throws S3FunctionalException, TechnicalException, FunctionalException {
         ObjectMapper objectMapper = new ObjectMapper();
         UserDTO userDTO;
         try {
@@ -92,8 +102,11 @@ public class UserController {
     }
 
     @PutMapping(Paths.CLIENT_UPDATE_WITH_SPECIFIC_INFOS)
-//@PreAuthorize("hasRole('ADMIN')")
-    public ResponseEntity<ClientDTO> updateClientWithSpInfo(@RequestParam(value = "imageFile", required = false) MultipartFile imageFile, @RequestParam("clientDto") String clientDtoJson) throws S3FunctionalException, TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<ClientDTO> updateClientWithSpInfo(
+            @RequestParam(value = "imageFile", required = false) MultipartFile imageFile,
+            @RequestParam("clientDto") String clientDtoJson,
+            @RequestHeader String requestAuthorization) throws S3FunctionalException, TechnicalException, FunctionalException {
         ObjectMapper objectMapper = new ObjectMapper();
         UpdateClientRequest updateClientRequest;
         try {
@@ -104,72 +117,101 @@ public class UserController {
         ClientDTO updatedUser = userService.updateClientSpecificInfo(updateClientRequest, imageFile);
         return ResponseEntity.ok(updatedUser);
     }
+
     @PutMapping(Paths.CLIENT_UPDATE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public ResponseEntity<ClientDTO> updateClient(
             @RequestPart(value = "imageFile", required = false) MultipartFile imageFile,
-            @RequestPart("clientDTO") ClientDTO clientDTO)  {
+            @RequestPart("clientDTO") ClientDTO clientDTO,
+            @RequestHeader String requestAuthorization)  {
         return ResponseEntity.ok(userService.updateClient(clientDTO, imageFile));
     }
 
     @DeleteMapping(Paths.USER_DELETE)
-    //@PreAuthorize("hasRole('ADMIN')")
-    public Boolean deleteUser(@PathVariable Long id){
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public Boolean deleteUser(@PathVariable Long id, @RequestHeader String requestAuthorization){
         return userService.deleteUser(id);
     }
 
     @GetMapping(Paths.USER_BY_UID)
-    public UserDTO getByUid(@PathVariable Long uid) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserDTO getByUid(@PathVariable Long uid, @RequestHeader String requestAuthorization) {
         return userService.getUserByUid(uid);
     }
 
 
     @PostMapping(Paths.CLIENT_REGISTER)
-    public ResponseEntity<ClientDTO> register (@RequestBody ClientDTO clientDTO) throws TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<ClientDTO> register (
+            @RequestBody ClientDTO clientDTO,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
         ClientDTO response = userService.saveClient(clientDTO);
         return ResponseEntity.ok(response);
     }
+
     @PostMapping(Paths.UPDATE_CLIENT_PASSWORD)
-    public ResponseEntity <Boolean> confirmUserPassword(@RequestBody UserPasswordCreationRequest userPasswordCreationRequest) throws TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity <Boolean> confirmUserPassword(
+            @RequestBody UserPasswordCreationRequest userPasswordCreationRequest,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
         Boolean response = userService.confirmUserPassword(userPasswordCreationRequest);
         return ResponseEntity.ok(response);
     }
 
     @GetMapping(Paths.AUTHENTICATED)
-    public Boolean isAuthenticated(@PathVariable String email) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public Boolean isAuthenticated(@PathVariable String email, @RequestHeader String requestAuthorization) {
         return userService.isAuthenticated(email,true);
     }
 
     @PostMapping (Paths.CHANGE_LOGIN_ACTIVITY)
-    public UserDTO ChangeLoginActivity(@RequestBody RequestLoginActivity requestLoginActivity) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserDTO ChangeLoginActivity(
+            @RequestBody RequestLoginActivity requestLoginActivity, @RequestHeader String requestAuthorization) {
         return userService.changeLoginActivity(requestLoginActivity);
     }
+
     @PostMapping (Paths.CHANGE_USER_STATUS)
-    public UserDTO changeUserStatus(@RequestBody RequestChangeStatus status) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserDTO changeUserStatus(@RequestBody RequestChangeStatus status, @RequestHeader String requestAuthorization) {
         return userService.changeUserStatus(status);
     }
 
     @PostMapping (Paths.SEND_RESET_PASSWORD)
-    public UserOperationHashResponse sendResetPassword(@RequestBody SendingEmailRequest sendingEmailRequest) throws TechnicalException, FunctionalException {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserOperationHashResponse sendResetPassword(
+            @RequestBody SendingEmailRequest sendingEmailRequest,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
         return  userService.sendingResetPassword(sendingEmailRequest);
     }
 
     @GetMapping(Paths.IS_NOT_AUTHENTICATED)
-    public Boolean isNotAuthenticated(@PathVariable String email) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public Boolean isNotAuthenticated(@PathVariable String email, @RequestHeader String requestAuthorization) {
         return userService.isAuthenticated(email,false);
     }
+
     @PostMapping(Paths.UPDATE_PASSWORD)
-    public UserDTO updateUserPassword(@RequestBody UpdatePasswordRequest updatePasswordRequest) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public UserDTO updateUserPassword(
+            @RequestBody UpdatePasswordRequest updatePasswordRequest,
+            @RequestHeader String requestAuthorization) {
         return userService.updateUserPassword(updatePasswordRequest);
     }
+
     @PostMapping(Paths.SEND_VERIFICATION_CODE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public ResponseEntity<Boolean> sendVerificationCode(
-            @RequestBody UserConfirmationRequestOtp userConfirmationRequestOtp) throws TechnicalException, FunctionalException {
+            @RequestBody UserConfirmationRequestOtp userConfirmationRequestOtp,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
             Boolean isOtpValid = userService.sendVerificationCode(userConfirmationRequestOtp);
             return ResponseEntity.ok(isOtpValid);
-
     }
+
     @PostMapping(Paths.CLIENT_LOGIN)
-    public ResponseEntity<?> clientLogin(@RequestBody AuthenticationRequest authenticationRequest) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<?> clientLogin(
+            @RequestBody AuthenticationRequest authenticationRequest, @RequestHeader String requestAuthorization) {
         try {
             AuthenticationResponse response = userService.clientLogin(authenticationRequest);
             return ResponseEntity.ok(response);
@@ -183,7 +225,9 @@ public class UserController {
     }
 
     @PostMapping(Paths.BACKOFFICE_LOGIN)
-    public ResponseEntity<?> backOfficeLogin(@RequestBody AuthenticationRequest authenticationRequest) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<?> backOfficeLogin(
+            @RequestBody AuthenticationRequest authenticationRequest, @RequestHeader String requestAuthorization) {
         try {
             AuthenticationResponse response = userService.backOfficeLogin(authenticationRequest);
             return ResponseEntity.ok(response);
@@ -195,8 +239,12 @@ public class UserController {
             throw new RuntimeException("Information incorrecte, veuillez réessayer");
         }
     }
+
     @PostMapping(Paths.CONFIRM_REGISTRATION )
-    public ResponseEntity<String> confirmClientRegistration(@RequestBody ClientConfirmRegistration clientConfirmRegistration) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<String> confirmClientRegistration(
+            @RequestBody ClientConfirmRegistration clientConfirmRegistration,
+            @RequestHeader String requestAuthorization) {
         try {
             userService.confirmClientRegistration(clientConfirmRegistration);
             return ResponseEntity.ok("Client registration confirmed successfully.");
@@ -208,7 +256,10 @@ public class UserController {
     }
 
     @PostMapping(Paths.SEND_EMAIL_TO_CONFIRM_REGISTRATION)
-    public ResponseEntity<UserOperationHashResponse> sendOtpEmail(@RequestBody UserForgotPasswordOtpRequest request) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<UserOperationHashResponse> sendOtpEmail(
+            @RequestBody UserForgotPasswordOtpRequest request,
+            @RequestHeader String requestAuthorization) {
         try {
             String emailTemplateNameKey = "registrationConfirmation";
             UserOperationHashResponse response = authService.sendOtpEmail(request, emailTemplateNameKey,"Confirmation d'inscription");
@@ -219,21 +270,27 @@ public class UserController {
     }
 
     @PostMapping(Paths.CONFIRM_VERIFICATION_CODE)
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
     public ResponseEntity<Boolean> sendVerificationCodeOtp(
-            @RequestBody UserOtpConfirmationRequest userOtpConfirmationRequest) throws TechnicalException, FunctionalException {
+            @RequestBody UserOtpConfirmationRequest userOtpConfirmationRequest,
+            @RequestHeader String requestAuthorization) throws TechnicalException, FunctionalException {
         UserOtpConfirmationResponse userOtpConfirmationResponse = authService.confirmAccountCreationOtp(userOtpConfirmationRequest);
         return ResponseEntity.ok(userOtpConfirmationResponse.isOtpValid());
     }
 
 
     @GetMapping(Paths.RETRIEVE_CLIENTS_BY_IDS)
-    public ResponseEntity<List<ClientDTO>> getAllClientsByIDs(@RequestParam List<Long> clientsIDs) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<ClientDTO>> getAllClientsByIDs(
+            @RequestParam List<Long> clientsIDs, @RequestHeader String requestAuthorization) {
         List<ClientDTO> clientDTOList = userService.getClientsByIds(clientsIDs);
         return ResponseEntity.ok(clientDTOList);
     }
 
     @GetMapping(Paths.RETRIEVE_USERS_BY_IDS)
-    public ResponseEntity<List<UserDTO>> getAllUsersByIDs(@RequestParam List<Long> usersIDs) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<List<UserDTO>> getAllUsersByIDs(
+            @RequestParam List<Long> usersIDs, @RequestHeader String requestAuthorization) {
         List<UserDTO> userDTOList = userService.getUsersByIds(usersIDs);
         return ResponseEntity.ok(userDTOList);
     }
diff --git a/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java b/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java
index c3dc42b8569534093c2c5db28d445e6898951bf0..36175e2815ca0fb6ae7f94896e16efcd7df3f99b 100644
--- a/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java
+++ b/src/main/java/com/marketingconfort/mydressin/controller/UserImportController.java
@@ -1,18 +1,17 @@
 package com.marketingconfort.mydressin.controller;
 
-import com.marketingconfort.mydressin.dto.ClientDTO;
 import com.marketingconfort.mydressin.dto.ImportUserResponseResult;
 import com.marketingconfort.mydressin.service.UserImportService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.List;
-import java.util.Map;
+
 
 @RestController
 @RequiredArgsConstructor
@@ -21,8 +20,11 @@ public class UserImportController {
 
     private final UserImportService userImportService;
 
+
     @PostMapping("/users")
-    public ResponseEntity<ImportUserResponseResult> importUsers(@RequestParam("file") MultipartFile file) {
+    @PreAuthorize("@securityCustomExpressions.isClientTrusted(#requestAuthorization)")
+    public ResponseEntity<ImportUserResponseResult> importUsers(
+            @RequestParam("file") MultipartFile file, @RequestHeader String requestAuthorization) {
         if (file == null || file.isEmpty()) {
             ImportUserResponseResult errorResponse = new ImportUserResponseResult();
             return ResponseEntity.badRequest().body(errorResponse);