diff --git a/app/actions/media/create.rb b/app/actions/media/create.rb
index 459de79..e6520b8 100644
--- a/app/actions/media/create.rb
+++ b/app/actions/media/create.rb
@@ -3,10 +3,13 @@ module Adamantium
     module Media
       class Create < Action
         include Deps["commands.media.upload"]
+        before :authorize!
 
         def handle(req, res)
           data = req.params[:file]
 
+          halt 401 unless verify_scope(req: req, scope: :media)
+
           upload.call(file: data) do |m|
             m.failure do |v|
               res.status = 422
diff --git a/config/routes.rb b/config/routes.rb
index 4fce10e..28bdf9f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -12,6 +12,7 @@ module Adamantium
       get "/", to: "site.config"
       post "/", to: "posts.handle"
       post "/media", to: "media.create"
+      get "/media", to: "media.show"
     end
 
     get "/", to: "site.home"