diff --git a/poizonstore/urls.py b/poizonstore/urls.py
index 5d28fae..dd41d82 100644
--- a/poizonstore/urls.py
+++ b/poizonstore/urls.py
@@ -17,9 +17,11 @@ Including another URLconf
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
+from django.contrib.auth.decorators import permission_required
 from django.urls import path, include
 from drf_spectacular.views import SpectacularAPIView, SpectacularRedocView
 
+from account.permissions import IsAdmin
 
 urlpatterns = [
     path('admin/', admin.site.urls),
@@ -31,8 +33,7 @@ urlpatterns = [
   + static(settings.STATIC_URL)
 
 # API schema
-if settings.DEBUG:
-    urlpatterns += [
-        path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
-        path('api/redoc/', SpectacularRedocView.as_view(url_name='schema'), name='redoc'),
-    ]
+urlpatterns += [
+    path('api/schema/', permission_required([IsAdmin])(SpectacularAPIView.as_view()), name='schema'),
+    path('api/redoc/', permission_required([IsAdmin])(SpectacularRedocView.as_view(url_name='schema')), name='redoc'),
+]