diff --git a/src/WebApi_inverter.cpp b/src/WebApi_inverter.cpp
index 12cadaf0..f467fd5d 100644
--- a/src/WebApi_inverter.cpp
+++ b/src/WebApi_inverter.cpp
@@ -8,6 +8,7 @@
 #include "Configuration.h"
 #include "Hoymiles.h"
 #include "MqttHassPublishing.h"
+#include "WebApi.h"
 #include "helper.h"
 void WebApiInverterClass::init(AsyncWebServer* server)
@@ -28,6 +29,10 @@ void WebApiInverterClass::loop()
 void WebApiInverterClass::onInverterList(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentials(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse(false, 4096U);
 JsonObject root = response->getRoot();
 JsonArray data = root.createNestedArray(F("inverter"));
@@ -66,6 +71,10 @@ void WebApiInverterClass::onInverterList(AsyncWebServerRequest* request)
 void WebApiInverterClass::onInverterAdd(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentials(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject retMsg = response->getRoot();
 retMsg[F("type")] = F("warning");
@@ -151,6 +160,10 @@ void WebApiInverterClass::onInverterAdd(AsyncWebServerRequest* request)
 void WebApiInverterClass::onInverterEdit(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentials(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject retMsg = response->getRoot();
 retMsg[F("type")] = F("warning");
@@ -265,6 +278,10 @@ void WebApiInverterClass::onInverterEdit(AsyncWebServerRequest* request)
 void WebApiInverterClass::onInverterDelete(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentials(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject retMsg = response->getRoot();
 retMsg[F("type")] = F("warning");
diff --git a/webapp/src/router/index.ts b/webapp/src/router/index.ts
index a9bed45c..4e343a73 100644
--- a/webapp/src/router/index.ts
+++ b/webapp/src/router/index.ts
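Review bot: The credential guard is opt-in per handler: the same four lines are pasted at the top of `onInverterList` and again in the `onInverterAdd`, `onInverterEdit` and `onInverterDelete` hunks, so a handler added later is reachable without authentication unless its author remembers to copy them. Applying the check once where the routes are registered (presumably `init()`, whose body is outside these hunks) would make deny the default. The early `return;` also sends nothing itself, so the request is only answered if `WebApi.checkCredentials()` has already replied; its body is not visible here, and a comment such as `// checkCredentials() has already answered the request on failure` above the `return;` would record that contract. Each handler's body continues past its hunk.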
@@ -100,7 +100,7 @@ const router = createRouter({
 router.beforeEach((to, from, next) => {
 // redirect to login page if not logged in and trying to access a restricted page
 const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
- '/settings/inverter', '/firmware/upgrade', '/settings/config', ];
+ '/firmware/upgrade', '/settings/config', ];
 const authRequired = !publicPages.includes(to.path);
 const loggedIn = localStorage.getItem('user');
diff --git a/webapp/src/views/InverterAdminView.vue b/webapp/src/views/InverterAdminView.vue
index 682e61e8..61441878 100644
--- a/webapp/src/views/InverterAdminView.vue
+++ b/webapp/src/views/InverterAdminView.vue
@@ -147,6 +147,7 @@ import {
 } from 'bootstrap-icons-vue';
 import * as bootstrap from 'bootstrap';
 import BootstrapAlert from "@/components/BootstrapAlert.vue";
+import { handleResponse, authHeader } from '@/utils/authentication';
 declare interface Inverter {
 id: string,
@@ -196,8 +197,8 @@ export default defineComponent({
 methods: {
 getInverters() {
 this.dataLoading = true;
- fetch("/api/inverter/list")
- .then((response) => response.json())
+ fetch("/api/inverter/list", { headers: authHeader() })
+ .then(handleResponse)
 .then((data) => {
 this.inverters = data.inverter;
 this.dataLoading = false;
@@ -209,15 +210,10 @@ export default defineComponent({
 fetch("/api/inverter/add", {
 method: "POST",
+ headers: authHeader(),
 body: formData,
 })
- .then(function (response) {
- if (response.status != 200) {
- throw response.status;
- } else {
- return response.json();
- }
- })
+ .then(handleResponse)
 .then(
 (response) => {
 this.alertMessage = response.message;
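Review bot: `'/firmware/upgrade'` and `'/settings/config'` remain in `publicPages` after this change, so the route guard still lets a visitor who is not logged in open the firmware-upgrade and configuration pages. This list is only a client-side convenience that can be bypassed by calling the API directly, so the real control is a server-side check like the one this commit adds for the inverter handlers; whether the firmware and config endpoints have one is not visible here and is worth confirming. A short comment above the list, e.g. `// UI convenience only: the API behind every non-public page must enforce credentials server-side`, would keep the two in step. The `beforeEach` callback continues outside the hunk.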
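Review bot: `getInverters()` now routes the list call through `handleResponse`, but the visible chain has no rejection handler, so if `handleResponse` rejects on a failed login (its implementation is not part of this diff) `this.dataLoading` would stay `true` and the view would remain in its loading state. The same question applies to the add, del and edit requests in the later hunks: the old inline check threw `response.status`, and whatever `handleResponse` throws instead is what any downstream error handling now receives. Suggest `.catch(() => { this.dataLoading = false; })` on the list call and a one-line comment at the import stating what `handleResponse` does on an authentication failure. The method bodies continue outside these hunks, so a handler may already exist below.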
@@ -250,15 +246,10 @@ export default defineComponent({
 fetch("/api/inverter/del", {
 method: "POST",
+ headers: authHeader(),
 body: formData,
 })
- .then(function (response) {
- if (response.status != 200) {
- throw response.status;
- } else {
- return response.json();
- }
- })
+ .then(handleResponse)
 .then(
 (response) => {
 this.alertMessage = response.message;
@@ -295,15 +286,10 @@ export default defineComponent({
 fetch("/api/inverter/edit", {
 method: "POST",
+ headers: authHeader(),
 body: formData,
 })
- .then(function (response) {
- if (response.status != 200) {
- throw response.status;
- } else {
- return response.json();
- }
- })
+ .then(handleResponse)
 .then(
 (response) => {
 this.alertMessage = response.message;