diff --git a/.envdev b/.envdev
index bbe2881..0d4ed8c 100644
--- a/.envdev
+++ b/.envdev
@@ -14,6 +14,7 @@ DB_PASSWORD=pikachu
 DB_TIMEZONE=Australia/Sydney
 
 CHAT_URI=http://example.com:3200/chat
+CHAT_KEY=chattychattybangbang
 
 SESSION_SECRET=secret
 SESSION_ADMIN=adminsecret
\ No newline at end of file
diff --git a/server/chat/reserve.js b/server/chat/reserve.js
index 82faf63..80c8d2f 100644
--- a/server/chat/reserve.js
+++ b/server/chat/reserve.js
@@ -2,21 +2,30 @@ const fetch = require('node-fetch');
 const FormData = require('form-data');
 
 const route = async (req, res) => {
+	if (!req.session.account) {
+		return status(403).send('No account detected');
+	}
+
 	//build the fake form data object
 	let form = new FormData();
 	form.append('username', req.session?.account?.username);
+	form.append('key', process.env.CHAT_KEY);
 
 	try {
 		//reserve the UUID with the chat server (hop 1)
 		const result = await fetch(`http://${process.env.CHAT_URI}/reserve`, { method: 'POST', body: form });
 
-		const json = await result.json();
-		res.cookie('pseudonym', json.pseudonym);
-		res.status(200).send({ ok: true });
+		if (result.status == 200) {
+			const json = await result.json();
+			res.cookie('pseudonym', json.pseudonym);
+			res.status(200).send({ ok: true });
+		} else {
+			throw await result.text();
+		}
 	} catch(e) {
-		console.error('Chat server not found');
+		console.error(`Chat server error: ${e}`);
 		res.cookie('pseudonym', '.null');
-		res.status(200).send({ ok: false, error: 'Chat server not found' });
+		res.status(200).send({ ok: false, error: `Chat server error ${e}` });
 	}
 };