diff --git a/.envdev b/.envdev
index bed1fac..80bf2b7 100644
--- a/.envdev
+++ b/.envdev
@@ -6,3 +6,4 @@ DB_USERNAME=chat
 DB_PASSWORD=blastoise
 DB_TIMEZONE=Australia/Sydney
+CHAT_KEY=chattychattybangbang
\ No newline at end of file
diff --git a/server/chat/reserve.js b/server/chat/reserve.js
index bd9a965..b56bc9b 100644
--- a/server/chat/reserve.js
+++ b/server/chat/reserve.js
@@ -5,6 +5,11 @@ const Op = Sequelize.Op;
 const { pseudonyms } = require('../database/models');
 const route = async (req, res) => {
+ //check the key
+ if (req.fields.key != process.env.CHAT_KEY) {
+ return res.status(403).send('Invalid chat key');
+ }
+
 //generate a UUID to act as a pseudonym (starting with a period)
 const pseudonym = `.${uuid()}`;
@@ -20,7 +25,7 @@ const route = async (req, res) => {
 pseudonym: pseudonym
 },{
 where: {
- username: req.fields.username
+ username: instance.username
 }
 });
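Review bot: The `CHAT_KEY` line added at the end of `.envdev` commits the shared secret that `server/chat/reserve.js` checks, so it now sits in the repository history alongside `DB_PASSWORD`. The value is also a memorable phrase, not random output. The tracked file should carry only a placeholder, for example `CHAT_KEY=<set-locally>`, with the real key generated randomly and loaded from an untracked file or a secret store. Because this value is already in history, it should be treated as known and replaced wherever it is in use.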
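Review bot: The key check at the top of `route` fails open when `CHAT_KEY` is not set. `process.env.CHAT_KEY` is then `undefined`, and a request with no `key` field makes `req.fields.key != process.env.CHAT_KEY` false, so the 403 is skipped. The check should reject when either side is missing or not a string, and compare with `crypto.timingSafeEqual` instead of `!=`. That needs `crypto` required at the top of the file, which is outside the hunk. The body of `route` continues past the end of the hunk.

```javascript
const route = async (req, res) => {
	//check the key: fail closed when CHAT_KEY is unset or the field is missing
	const expected = process.env.CHAT_KEY;
	const supplied = req.fields.key;
	if (typeof expected !== 'string' || expected.length === 0 || typeof supplied !== 'string') {
		return res.status(403).send('Invalid chat key');
	}

	//hash both sides so timingSafeEqual always receives equal-length buffers
	const suppliedDigest = crypto.createHash('sha256').update(supplied).digest();
	const expectedDigest = crypto.createHash('sha256').update(expected).digest();
	if (!crypto.timingSafeEqual(suppliedDigest, expectedDigest)) {
		return res.status(403).send('Invalid chat key');
	}

	// … unchanged: pseudonym generation and the pseudonyms.update call …
```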
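Review bot: `instance` in the `where` clause is defined outside this hunk, so it is not visible here whether it can be `null` when the lookup matches no row. If it can, `instance.username` throws inside the async handler and no error response is returned. Unless a guard already exists above, one is needed before the update, for example `if (!instance) { return res.status(403).send('Invalid request'); }`. A comment on the changed line would also record the intent: `//use the username from the stored record, not the client-supplied field`.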