diff --git a/config.php.sample b/config.php.sample
index 0522db3..3dbc5e4 100644
--- a/config.php.sample
+++ b/config.php.sample
@@ -3,4 +3,5 @@
 return [
   'username' => '',
   'password' => ''
+  'noAlbumToken' => ''
 ];
diff --git a/index.php b/index.php
index 710f956..48c7c0d 100644
--- a/index.php
+++ b/index.php
@@ -17,7 +17,6 @@ use PhotoPrismUpload\API\PhotoPrism;
         label[for="album"] {
             grid-column: 1;
             grid-row: 1;
-            /* display: block; */
         }
         #album {
             grid-column: 2;
@@ -45,12 +44,24 @@ $api = new PhotoPrism($config);
 $albums = [];
 try {
     $api->login();
-    $albums = $api->getAlbums();
 } catch (\Exception $e) {
     die('Fehler: ' . $e->getMessage());
 }
 
 if (!isset($_POST['submit'])) {
+    if (!isset($_GET['token'])) {
+        die('Sorry, kein Zugriff');
+    }
+    $token = $_GET['token'];
+    $tokens = explode(',', $token);
+    try {
+        $albums = $api->getAlbumsByTokens($tokens);
+    } catch (\Exception $e) {
+        die('Fehler: ' . $e->getMessage());
+    }
+    if (empty($albums) && (empty($config['noAlbumToken']) || !in_array($config['noAlbumToken'], $tokens))) {
+        die('Falscher Token');
+    }
     ?>
     <script>
         window.tooLarge = false;
@@ -79,7 +90,7 @@ if (!isset($_POST['submit'])) {
             </select>
             <!--<label></label>
             <input type="text" />!-->
-            <input multiple type="file" name="files[]" id="input" />
+            <input multiple type="file" name="files[]" id="input" required/>
             <input type="submit" name="submit" value="Upload" />
         </form>
         <div id="error" style="display:none"></div>
diff --git a/src/API/PhotoPrism.php b/src/API/PhotoPrism.php
index 9a7f882..c810263 100644
--- a/src/API/PhotoPrism.php
+++ b/src/API/PhotoPrism.php
@@ -180,6 +180,36 @@ class PhotoPrism
         return $albums;
     }
 
+    public function getAlbumsByTokens(array $tokens, int $count = 1000, int $offset = 0): array
+    {
+        $albums = $this->getAlbums($count, 0);
+        $visibleAlbums = [];
+        foreach ($albums as $album) {
+            $token = $this->getAlbumToken($album);
+            $album->token = $token;
+            if (in_array($album->token, $tokens)) {
+                $visibleAlbums[] = $album;
+            } else {
+                $this->logger->debug('Skipping album without access: ' . $album->title);
+            }
+        }
+
+        $this->logger->debug('getAlbumsByToken' . json_encode($visibleAlbums));
+        return $visibleAlbums;
+    }
+
+    public function getAlbumToken($album): string
+    {
+        $uid = is_string($album) ? $album : $album->uid;
+        $res = $this->makeRequest('GET', '/albums/' . $uid . '/links');
+        $response = json_decode($res, true)[0];
+        if (!empty($response['error'])) {
+            throw new NetworkException($response['error']);
+        }
+        $this->logger->debug('Token response: ' . $res);
+        return $response['Token'];
+    }
+
     public function uploadPhotos(?string $album = null)
     {
         $path = time();
diff --git a/src/Entities/Album.php b/src/Entities/Album.php
index 523780d..f31c339 100644
--- a/src/Entities/Album.php
+++ b/src/Entities/Album.php
@@ -8,6 +8,8 @@ class Album
     public string $uid = '';
     public string $slug = '';
     public string $title = '';
+    public ?string $token = null;
+
     public function __construct(
         array $response
     ) {