diff --git a/app/controllers/api/v1/overland/batches_controller.rb b/app/controllers/api/v1/overland/batches_controller.rb
index 2b0aacc8..014b43f5 100644
--- a/app/controllers/api/v1/overland/batches_controller.rb
+++ b/app/controllers/api/v1/overland/batches_controller.rb
@@ -2,6 +2,7 @@
class Api::V1::Overland::BatchesController < ApplicationController
skip_forgery_protection
+ before_action :authenticate_api_key
def create
Overland::BatchCreatingJob.perform_later(batch_params)
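Review bot: The new `before_action :authenticate_api_key` establishes who is calling, but `create` still enqueues `Overland::BatchCreatingJob.perform_later(batch_params)` without that identity, so the job cannot tell which key owner submitted the batch. The job is not visible in this diff; if points are meant to belong to a user, pass `current_api_user.id` as an extra job argument and attach it there. The body of `create` continues outside this hunk, so confirm that nothing later already does this.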
@@ -12,6 +13,6 @@ class Api::V1::Overland::BatchesController < ApplicationController
private
def batch_params
- params.permit(locations: [:type, geometry: {}, properties: {}], batch: {})
+ params.permit(locations: [:type, { geometry: {}, properties: {} }], batch: {})
end
end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cfb0a0a5..71021818 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,17 @@
+# frozen_string_literal: true
+
class ApplicationController < ActionController::Base
include Pundit::Authorization
+
+ protected
+
+ def authenticate_api_key
+ return head :unauthorized unless current_api_user
+
+ true
+ end
+
+ def current_api_user
+ @current_api_user ||= User.find_by(api_key: params[:api_key])
+ end
end
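Review bot: `current_api_user` passes `params[:api_key]` straight to `User.find_by`, so a request with no key runs `find_by(api_key: nil)` and would authenticate as any user whose `api_key` column is NULL, and an array value is turned into an `IN` lookup. Guard the value before querying: `api_key = params[:api_key]`, then `return unless api_key.is_a?(String) && api_key.present?`, then `@current_api_user ||= User.find_by(api_key: api_key)`. Separately, a key carried in the query string is recorded in access and proxy logs; accepting it from an `Authorization` header and confirming `api_key` is in the app's filtered parameters (that config is not visible here) would limit the exposure. The trailing `true` in `authenticate_api_key` can be dropped, since a `before_action` halts the chain only when it renders or redirects.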
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 8e0968fb..73cab649 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -2,7 +2,7 @@
Edit your account!
- <%#= render 'devise/registrations/api_key' %>
+ <%= render 'devise/registrations/api_key' %>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), class: 'form-body', html: { method: :put }) do |f| %>
diff --git a/spec/requests/api/v1/overland/batches_spec.rb b/spec/requests/api/v1/overland/batches_spec.rb
index 22d82818..912aa280 100644
--- a/spec/requests/api/v1/overland/batches_spec.rb
+++ b/spec/requests/api/v1/overland/batches_spec.rb
@@ -9,16 +9,28 @@ RSpec.describe 'Api::V1::Overland::Batches', type: :request do
let(:json) { JSON.parse(file.read) }
let(:params) { json }
- it 'returns http success' do
- post '/api/v1/overland/batches', params: params
+ context 'with invalid api key' do
+ it 'returns http unauthorized' do
+ post '/api/v1/overland/batches', params: params
- expect(response).to have_http_status(:created)
+ expect(response).to have_http_status(:unauthorized)
+ end
end
- it 'enqueues a job' do
- expect do
- post '/api/v1/overland/batches', params: params
- end.to have_enqueued_job(Overland::BatchCreatingJob)
+ context 'with valid api key' do
+ let(:user) { create(:user) }
+
+ it 'returns http success' do
+ post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
+
+ expect(response).to have_http_status(:created)
+ end
+
+ it 'enqueues a job' do
+ expect do
+ post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
+ end.to have_enqueued_job(Overland::BatchCreatingJob)
+ end
end
end
end
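Review bot: The context named 'with invalid api key' posts with no key at all, so the wrong-key path is never exercised and the 401 example only checks the status code. Add an example that posts to `"/api/v1/overland/batches?api_key=invalid"` and expects `:unauthorized`. In the rejected cases also assert that nothing was queued, with `expect { post ... }.not_to have_enqueued_job(Overland::BatchCreatingJob)`. If the `User` model allows a NULL `api_key` (not visible here), an example that creates such a user and posts without a key would pin down that a missing key never matches a stored empty one.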
diff --git a/spec/swagger/api/v1/overland/batches_controller_spec.rb b/spec/swagger/api/v1/overland/batches_controller_spec.rb
index 038acb30..d0d0a2b5 100644
--- a/spec/swagger/api/v1/overland/batches_controller_spec.rb
+++ b/spec/swagger/api/v1/overland/batches_controller_spec.rb
@@ -72,12 +72,26 @@ describe 'Batches API', type: :request do
}
}
+ parameter name: :api_key, in: :query, type: :string, required: true, description: 'API Key'
+
response '201', 'Batch of points created' do
let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
let(:file) { File.open(file_path) }
let(:json) { JSON.parse(file.read) }
let(:params) { json }
let(:locations) { params['locations'] }
+ let(:api_key) { create(:user).api_key }
+
+ run_test!
+ end
+
+ response '401', 'Unauthorized' do
+ let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
+ let(:file) { File.open(file_path) }
+ let(:json) { JSON.parse(file.read) }
+ let(:params) { json }
+ let(:locations) { params['locations'] }
+ let(:api_key) { nil }
run_test!
end
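Review bot: The key is documented as an ordinary query parameter (`parameter name: :api_key, in: :query, ...`), so generated clients and API tooling will not treat it as a credential. Declaring it as an `apiKey` security scheme in the swagger helper's `securitySchemes` and referencing it from this operation with `security [api_key: []]` would let the docs and clients handle it as authentication; the helper is not part of this diff, so this assumes no scheme is defined yet. The '401' case covers only `api_key` set to `nil`; a case with a non-matching string would document the wrong-key response as well.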
diff --git a/swagger/v1/swagger.yaml b/swagger/v1/swagger.yaml
index e710236d..32ddedfc 100644
--- a/swagger/v1/swagger.yaml
+++ b/swagger/v1/swagger.yaml
@@ -9,10 +9,18 @@ paths:
summary: Creates a batch of points
tags:
- Batches
- parameters: []
+ parameters:
+ - name: api_key
+ in: query
+ required: true
+ description: API Key
+ schema:
+ type: string
responses:
'201':
description: Batch of points created
+ '401':
+ description: Unauthorized
requestBody:
content:
application/json:
@@ -172,7 +180,7 @@ paths:
lat: 52.502397
lon: 13.356718
tid: Swagger
- tst: 1716488929
+ tst: 1716633953
servers:
- url: http://{defaultHost}
variables: