diff --git a/README.md b/README.md
index a8571ae..9d04cc7 100644
--- a/README.md
+++ b/README.md
@@ -203,4 +203,14 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra
 - [ ] make settings adjustable by environment (?)
 - [ ] Remove hard coded JSON (?)
+
+### To document
+
+* Login via username password interactively
+* Login via name/realm/token rest
+
 ## Changelog
+
+### 0.5, 2018-11-18
+
+* Require authentication on all rest endpoints by token
diff --git a/ungleichotp/otpauth/serializer.py b/ungleichotp/otpauth/serializer.py
index b592da9..0a9cbbd 100644
--- a/ungleichotp/otpauth/serializer.py
+++ b/ungleichotp/otpauth/serializer.py
@@ -13,7 +13,14 @@ class OTPSerializer(serializers.ModelSerializer):
 validated_data['seed'] = pyotp.random_base32()
 return OTPSeed.objects.create(**validated_data)
-class VerifySerializer(serializers.Serializer):
+class VerifySerializerV1(serializers.Serializer):
+ """
+ This is the first version of the serializer that would authenticate the request
+ itself. This is not necessary anymore starting from version 0.5
+
+ Code to be removed prior to 1.0
+ """
+
 name = serializers.CharField(max_length=128)
 token = serializers.CharField(max_length=128)
 realm = serializers.CharField(max_length=128)
@@ -62,6 +69,10 @@ class TokenSerializer(serializers.Serializer):
 token = serializers.CharField(max_length=128)
 realm = serializers.CharField(max_length=128)
+ token_name = 'token'
+ name_name = 'name'
+ realm_name = 'realm'
+
 def save(self):
 token_in = self.validated_data.get('token')
 name_in = self.validated_data.get('name')
@@ -79,3 +90,8 @@ class TokenSerializer(serializers.Serializer):
 raise exceptions.AuthenticationFailed()
 return (db_instance, token_in)
+
+class VerifySerializer(TokenSerializer):
+ token_name = 'verifytoken'
+ name_name = 'verifyname'
+ realm_name = 'verifyrealm'
diff --git a/ungleichotp/otpauth/views.py b/ungleichotp/otpauth/views.py
index a4e5a59..dfe1f9a 100644
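Review bot: The `token_name`, `name_name` and `realm_name` attributes added in the `@@ -62,6 +69,10 @@` hunk are never read, because the unchanged context lines of `save()` still look up the literal keys `'token'` and `'name'`. As far as the visible lines show, the `VerifySerializer` subclass added in the `@@ -79,3 +90,8 @@` hunk therefore behaves exactly like `TokenSerializer`, so a verify request would be judged on the caller's own `name`/`token`/`realm` instead of the `verify*` values it is supposed to check. The lookups should go through the attributes, e.g. `token_in = self.validated_data.get(self.token_name)` and `name_in = self.validated_data.get(self.name_name)`, and the subclass would also need `verifytoken`, `verifyname` and `verifyrealm` declared as serializer fields, since only declared fields reach `validated_data`. The middle of `save()` lies outside both hunks, so the realm lookup should be checked the same way.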
--- a/ungleichotp/otpauth/views.py
+++ b/ungleichotp/otpauth/views.py
@@ -11,6 +11,7 @@ from django.http import HttpResponse, JsonResponse
 from otpauth.serializer import VerifySerializer, OTPSerializer
 from otpauth.models import OTPSeed
+# Version 2 model - model based ++ verify action
 class OTPVerifyViewSet(viewsets.ModelViewSet):
 serializer_class = OTPSerializer
 queryset = OTPSeed.objects.all()
@@ -26,6 +27,7 @@ class OTPVerifyViewSet(viewsets.ModelViewSet):
 return JsonResponse(serializer.errors, status=400)
+# Version 1 model - should be removed
 class VerifyViewSet(viewsets.ViewSet):
 serializer_class = VerifySerializer
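Review bot: `VerifyViewSet` is now labelled "Version 1 model" in the `@@ -26,6 +27,7 @@` hunk but still sets `serializer_class = VerifySerializer`, and after this commit that name refers to the new `TokenSerializer` subclass rather than the renamed `VerifySerializerV1`. If the version 1 endpoint is meant to keep its old behaviour until it is removed, the import and the attribute should point at the old class: `from otpauth.serializer import VerifySerializer, VerifySerializerV1, OTPSerializer` and `serializer_class = VerifySerializerV1`. Otherwise `VerifySerializerV1` appears to be unreferenced and the legacy view silently changes which credentials it checks. The rest of the `VerifyViewSet` body is outside the hunk, so this should be confirmed against how the view calls the serializer.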