diff --git a/src/endpoints/rooms/rooms.ts b/src/endpoints/rooms/rooms.ts
index 2283cd5..f7c6b42 100644
--- a/src/endpoints/rooms/rooms.ts
+++ b/src/endpoints/rooms/rooms.ts
@@ -1,7 +1,7 @@
 import express from 'express';
 import type { Request, Response } from 'express';
 import { limiter } from '../middleware';
-// import asyncHandler from 'express-async-handler';
+import asyncHandler from 'express-async-handler';
 import { PrismaClient } from '@prisma/client';
 // import { verifyIdentityProof } from '../../crypto/idcVerifier/verifier';
 import { pp } from '../../utils';
@@ -18,6 +18,8 @@ import { MessageI, RoomI } from 'discreetly-interfaces';
 import { RLNFullProof } from 'rlnjs';
 import basicAuth from 'express-basic-auth';
 import { generateRandomClaimCode } from 'discreetly-claimcodes';
+import { IDCProof } from 'idc-nullifier';
+import { verifyIdentityProof } from '../../crypto/idcVerifier/verifier';
 const router = express.Router();
 const prisma = new PrismaClient();
 
@@ -288,30 +290,49 @@ router.post('/checkpasswordhash/:id', limiter, (req: Request, res: Response) =>
     });
 })
 
-router.post('/setpassword/:id', limiter, (req: Request, res: Response) => {
+router.post('/setpassword/:id', limiter, asyncHandler(async (req: Request, res: Response) => {
   const { id } = req.params;
-  const { passwordHash } = req.body as { passwordHash: string };
-  prisma.rooms
-    .update({
+  const { passwordHash, idc, proof } = req.body as { passwordHash: string, idc: string, proof: IDCProof };
+  const isValid = await verifyIdentityProof(proof);
+
+  if (isValid) {
+    prisma.rooms.findUnique({
       where: {
         roomId: id
       },
-      data: {
-        passwordHash: passwordHash
+      select: {
+        adminIdentities: true
       }
+      }).then((room) => {
+        if (room) {
+          if (!room.adminIdentities.includes(idc)) {
+            res.status(401).json({ success: false, message: 'Identity not authorized' });
+            return;
+          }
+          prisma.rooms.update({
+            where: {
+              roomId: id
+            },
+            data: {
+              passwordHash
+            }
+          }).then(() => {
+            res.status(200).json({ success: true, message: 'Password set successfully' });
+          }).catch((error: Error) => {
+            pp(error, 'error');
+            res.status(500).json({ success: false, message: 'Error setting password' });
+          })
+        } else {
+          res.status(500).json({ success: false, message: 'Error finding room' });
+        }
+      }).catch((error: Error) => {
+        pp(error, 'error');
+        res.status(500).send('Error finding room');
     })
-    .then((room) => {
-      if (room) {
-        res.status(200).json({ success: true, message: "Password set successfully" });
-      } else {
-        res.status(500).json({ success: false, message: "Error setting password" });
-      }
-    })
-    .catch((error: Error) => {
-      pp(error, 'error');
-      res.status(500).send('Error fetching room');
-    });
-})
+  } else {
+    res.status(401).json({ success: false, message: 'Unauthorized ' });
+  }
+}))
 
 
 export default router;