diff --git a/src/api/middleware/auth/index.js b/src/api/middleware/auth/index.js
index b245980..205f5de 100644
--- a/src/api/middleware/auth/index.js
+++ b/src/api/middleware/auth/index.js
@@ -1,10 +1,15 @@
+const config = require('../../../../config');
 const realm = require('../../../services/realm');
 module.exports = (req, res, next) => {
- const { id, token } = req.params;
+ const { id, token, key } = req.params;
 const sendAuthError = () => res.sendStatus(401);
+ if (key !== config.get('key')) {
+ return sendAuthError();
+ }
+
 if (!id) {
 return next();
 }
diff --git a/src/api/v1/public/index.js b/src/api/v1/public/index.js
index 1215651..fc88b39 100644
--- a/src/api/v1/public/index.js
+++ b/src/api/v1/public/index.js
@@ -8,14 +8,9 @@ const randomId = () => {
 return (Math.random().toString(36) + '0000000000000000000').substr(2, 16);
 };
-const generateClientId = (key) => {
+const generateClientId = () => {
 let clientId = randomId();
- const realm = realmsCache.getRealmByKey(key);
- if (!realm) {
- return clientId;
- }
-
 while (realm.getClientById(clientId)) {
 clientId = randomId();
 }
@@ -25,10 +20,8 @@ const generateClientId = (key) => {
 // Retrieve guaranteed random ID.
 app.get('/id', (req, res, next) => {
- const { key } = req.params;
-
 res.contentType = 'text/html';
- res.send(generateClientId(key));
+ res.send(generateClientId());
 });
 // Get a list of all peers for a key, enabled by the `allowDiscovery` flag.
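Review bot: The added key check in the auth middleware can fail open: if `config.get('key')` can return `undefined` and the matched route carries no `key` parameter, `undefined !== undefined` is false and the request is let through. Require both values to be strings before comparing, e.g. `const expected = config.get('key');` followed by `if (typeof key !== 'string' || typeof expected !== 'string' || key !== expected) { return sendAuthError(); }`. If the key is meant to be a secret rather than a public identifier, `!==` is not a constant-time comparison (`crypto.timingSafeEqual` over equal-length buffers is), and a value read from `req.params` is part of the URL path, so it will normally end up in access logs. The exported middleware's body continues past the end of this hunk.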
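Review bot: In `generateClientId`, the loop `while (realm.getClientById(clientId))` is kept as context while the `const realm = realmsCache.getRealmByKey(key);` declaration it relied on is removed, and this diff adds no `realm` binding to `src/api/v1/public/index.js`. Unless the lines above the hunk (1–7, not shown) already define `realm`, the first `GET /id` request will throw a `ReferenceError` instead of returning an ID. Either bring the realm service into scope the way the middleware file does, `const realm = require('../../../services/realm');` with the relative path checked for this directory, or remove the loop if uniqueness is no longer enforced here. The function's `return` lies outside the hunk.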
@@ -41,25 +34,3 @@ app.get('/peers', (req, res, next) => {
 res.sendStatus(401);
 });
-
-// Server sets up HTTP streaming when you get post an ID.
-// app.post('/:id/:token/id', (req, res, next) => {
-// var id = req.params.id;
-// var token = req.params.token;
-// var key = req.params.key;
-// var ip = req.connection.remoteAddress;
-
-// if (!self._clients[key] || !self._clients[key][id]) {
-// self._checkKey(key, ip, function (err) {
-// if (!err && !self._clients[key][id]) {
-// self._clients[key][id] = { token: token, ip: ip };
-// self._ips[ip]++;
-// self._startStreaming(res, key, id, token, true);
-// } else {
-// res.send(JSON.stringify({ type: 'HTTP-ERROR' }));
-// }
-// });
-// } else {
-// self._startStreaming(res, key, id, token);
-// }
-// });