diff --git a/occupi-backend/pkg/router/router.go b/occupi-backend/pkg/router/router.go
index 51702ef2..6fb19f60 100644
--- a/occupi-backend/pkg/router/router.go
+++ b/occupi-backend/pkg/router/router.go
@@ -42,10 +42,10 @@ func OccupiRouter(router *gin.Engine, db *mongo.Client) {
 	api := router.Group("/api")
 	{
 		api.GET("/resource-auth", middleware.ProtectedRoute, func(ctx *gin.Context) { handlers.FetchResourceAuth(ctx, appsession) }) // authenticated
-		api.GET("/book-room", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.BookRoom(ctx, appsession) })
-		api.GET("/check-in", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.CheckIn(ctx, appsession) })
-		api.GET("cancel-booking", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.CancelBooking(ctx, appsession) })
-		api.GET(("view-bookings"), middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.ViewBookings(ctx, appsession) })
+		api.GET("/book-room", middleware.ProtectedRoute, func(ctx *gin.Context) { handlers.BookRoom(ctx, appsession) })
+		api.GET("/check-in", middleware.ProtectedRoute, func(ctx *gin.Context) { handlers.CheckIn(ctx, appsession) })
+		api.GET("cancel-booking", middleware.ProtectedRoute, func(ctx *gin.Context) { handlers.CancelBooking(ctx, appsession) })
+		api.GET(("view-bookings"), middleware.ProtectedRoute, func(ctx *gin.Context) { handlers.ViewBookings(ctx, appsession) })
 	}
 	auth := router.Group("/auth")
 	{