diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py
index 8c33a383e..10fb8449c 100644
--- a/hermes_cli/web_server.py
+++ b/hermes_cli/web_server.py
@@ -993,7 +993,16 @@ async def get_env_vars():
 
 
 @app.put("/api/env")
-async def set_env_var(body: EnvVarUpdate):
+async def set_env_var(body: EnvVarUpdate, request: Request):
+    # --- Token check ---
+    auth = request.headers.get("authorization", "")
+    if auth != f"Bearer {_SESSION_TOKEN}":
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    # --- Whitelist check ---
+    if body.key not in OPTIONAL_ENV_VARS:
+        raise HTTPException(status_code=400, detail=f"{body.key} is not an allowed env var")
+
     try:
         save_env_value(body.key, body.value)
         return {"ok": True, "key": body.key}
@@ -1003,7 +1012,16 @@ async def set_env_var(body: EnvVarUpdate):
 
 
 @app.delete("/api/env")
-async def remove_env_var(body: EnvVarDelete):
+async def remove_env_var(body: EnvVarDelete, request: Request):
+    # --- Token check ---
+    auth = request.headers.get("authorization", "")
+    if auth != f"Bearer {_SESSION_TOKEN}":
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    # --- Whitelist check ---
+    if body.key not in OPTIONAL_ENV_VARS:
+        raise HTTPException(status_code=400, detail=f"{body.key} is not an allowed env var")
+
     try:
         removed = remove_env_value(body.key)
         if not removed:
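Review bot: The token check in set_env_var compares the secret with `!=`, which short-circuits on the first differing byte and so leaks timing information about the session token; it also compares the whole header literally, so a client sending the RFC-7235-permitted `bearer <token>` is rejected, and if `_SESSION_TOKEN` can ever be unset the f-string silently accepts the literal `Bearer None`. I would parse the scheme and compare the token in constant time: `scheme, _, token = auth.partition(" ")` / `if scheme.lower() != "bearer" or not _SESSION_TOKEN or not hmac.compare_digest(token, _SESSION_TOKEN):` / `    raise HTTPException(status_code=401, detail="Unauthorized", headers={"WWW-Authenticate": "Bearer"})`, which needs `import hmac` at the top of the file if it is not already there. The GET handler named in the hunk header (get_env_vars) is not touched by this change; if it returns values, it presumably needs the same guard — worth confirming. set_env_var's body continues past the end of the hunk.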
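Review bot: The token and whitelist checks added to remove_env_var are a verbatim copy of the ones in set_env_var, so the two will drift and any future /api/env handler has to remember to paste them again; the authorization check belongs in a single FastAPI dependency that the route declares, which also removes the need for the new `request: Request` parameter. The helper below shows the shape (it uses `hmac.compare_digest` rather than `!=` so the comparison is constant-time); `Depends` comes from fastapi alongside `Request` if the file does not import it already. The whitelist check is input validation rather than authorization, so keeping it in the handler is fine. remove_env_var's body continues past the end of the hunk.
```python
def _require_session_token(request: Request) -> None:
    """Reject the request unless it carries the UI's bearer session token."""
    auth = request.headers.get("authorization", "")
    if not _SESSION_TOKEN or not hmac.compare_digest(auth, f"Bearer {_SESSION_TOKEN}"):
        raise HTTPException(status_code=401, detail="Unauthorized")


@app.delete("/api/env", dependencies=[Depends(_require_session_token)])
async def remove_env_var(body: EnvVarDelete):
    # … unchanged: whitelist check and remove_env_value call …
```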