diff --git a/src/endpoints_handlers/RootExecutor.h b/src/endpoints_handlers/RootExecutor.h
index 3d0e2fb..0555657 100644
--- a/src/endpoints_handlers/RootExecutor.h
+++ b/src/endpoints_handlers/RootExecutor.h
@@ -80,7 +80,7 @@ public:
 } );
- routes_pathes_["api/v1/User/Medications"] = std::make_unique(
+ routes_pathes_["/api/v1/User/Medications"] = std::make_unique(
 typename RouteController::HTTPMethodsToExecutors{ { boost::beast::http::verb::get,
diff --git a/src/endpoints_handlers/UserGetMedicationsExecutor.h b/src/endpoints_handlers/UserGetMedicationsExecutor.h
index 90c3398..4c8288a 100644
--- a/src/endpoints_handlers/UserGetMedicationsExecutor.h
+++ b/src/endpoints_handlers/UserGetMedicationsExecutor.h
@@ -36,6 +36,23 @@ public:
 using namespace boost::json;
 using namespace boost::beast;
 using namespace std::string_literals;
+ using namespace std::string_view_literals;
+
+ constexpr std::string_view auth_prefix = "Bearer "sv;
+
+ BOOST_LOG_TRIVIAL(info) << "GET /api/v1/User/Medications - Request";
+
+ if (req[http::field::authorization].begin() == req[http::field::authorization].end())
+ {
+ BOOST_LOG_TRIVIAL(info) << "GET /api/v1/User/Medications - Response 401: Unauthorized";
+ throw session_exception(http::status::unauthorized, "Unauthorized");
+ }
+
+ const std::string auth_string = {*req[http::field::authorization].begin()};
+
+ const std::string auth_token = {auth_string.begin() + auth_prefix.size(), auth_string.end()};
+
+ if (auth_dao_->HasAuthorized(auth_token)) {}
 http::response res{http::status::ok, req.version()};
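Review bot: The result of `auth_dao_->HasAuthorized(auth_token)` is discarded by the empty `if (...) {}` in UserGetMedicationsExecutor.h, so as far as this hunk shows any request with a non-empty Authorization header still reaches the 200 response built on the next line. The token extraction is also unsafe: the `"Bearer "` prefix is never compared, `auth_string.begin() + auth_prefix.size()` runs past `end()` for a value shorter than the prefix, and if `req` is a Beast request then `req[...]` is a string_view, so `*req[...].begin()` yields a single character rather than the header value. I would reject a missing header, a non-Bearer scheme and an empty token with 401 before calling the DAO, and throw the same 401 when `HasAuthorized` returns false (assuming it returns true for a valid token; its declaration is not in the hunk). The handler body starts and ends outside the hunk.

```cpp
constexpr std::string_view auth_prefix = "Bearer "sv;
// … unchanged: request log line …

const auto auth_field = req[http::field::authorization];
const std::string_view auth_header{auth_field.data(), auth_field.size()};

// Missing header, wrong scheme or empty token: refuse before touching the DAO.
if (auth_header.size() <= auth_prefix.size() ||
    auth_header.substr(0, auth_prefix.size()) != auth_prefix)
{
    BOOST_LOG_TRIVIAL(info) << "GET /api/v1/User/Medications - Response 401: Unauthorized";
    throw session_exception(http::status::unauthorized, "Unauthorized");
}

const std::string auth_token{auth_header.substr(auth_prefix.size())};

// The lookup result must gate the response; an unknown token gets the same 401.
if (!auth_dao_->HasAuthorized(auth_token))
{
    BOOST_LOG_TRIVIAL(info) << "GET /api/v1/User/Medications - Response 401: Unauthorized";
    throw session_exception(http::status::unauthorized, "Unauthorized");
}
// … unchanged: response construction …
```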