diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index 54930edf9..b62b3e063 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -10,6 +10,11 @@ module Api
         head :unauthorized unless ip_allowed
       end
 
+      def authenticate_shared_key
+        api_key = "Basic #{ENV['api_shared_key']}"
+        head(:unauthorized) unless api_key == request.authorization
+      end
+
       def not_found_error
         uuid = params['uuid']
         json = { error: 'Not Found', uuid: uuid, message: 'Record not found' }
diff --git a/app/controllers/api/v1/bounces_controller.rb b/app/controllers/api/v1/bounces_controller.rb
index 40a3c1c91..296c9d9bd 100644
--- a/app/controllers/api/v1/bounces_controller.rb
+++ b/app/controllers/api/v1/bounces_controller.rb
@@ -1,10 +1,12 @@
 module Api
   module V1
     class BouncesController < BaseController
+      before_action :authenticate_shared_key
+
       # POST api/v1/bounces/
       def create
         BouncedMailAddress.record(bounce_params)
-        head(:ok)
+        head(:created)
       rescue ActionController::ParameterMissing
         head(:bad_request)
       end
diff --git a/config/application.yml.sample b/config/application.yml.sample
index 72b55e2ea..237617be3 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -87,6 +87,9 @@ sk_digi_doc_service_name: 'Testimine'
 registrant_api_base_url:
 registrant_api_auth_allowed_ips: '127.0.0.1, 0.0.0.0' #ips, separated with commas
 
+# Bounces API
+api_shared_key: testkey
+
 #
 # MISC