diff --git a/lib/api.js b/lib/api.js
index de03ad85..db35209a 100644
--- a/lib/api.js
+++ b/lib/api.js
@@ -74,8 +74,48 @@ module.exports = function (Server) {
             loaded: false
         };
 
-        if(Server.isChannelLoaded(name))
-            data = getChannelData(Server.getChannel(name));
+        var needPassword = false;
+        var chan = null;
+        if (Server.isChannelLoaded(name)) {
+            chan = Server.getChannel(name);
+            data = getChannelData(chan);
+            needPassword = chan.opts.password;
+        }
+
+        if (needPassword !== false) {
+            var pw = req.query.password;
+            if (pw !== needPassword) {
+                var uname = req.cookies.cytube_uname;
+                var session = req.cookies.cytube_session;
+                Server.db.userLoginSession(uname, session, function (err, row) {
+                    if (err) {
+                        res.status(403);
+                        res.type("application/json");
+                        res.jsonp({
+                            error: "Password required to view this channel"
+                        });
+                        return;
+                    }
+                    
+                    if (chan !== null) {
+                        chan.getRank(uname, function (err, rank) {
+                            if (err || rank < 2) {
+                                res.status(403);
+                                res.type("application/json");
+                                res.jsonp({
+                                    error: "Password required to view this channel"
+                                });
+                                return;
+                            }
+
+                            res.type("application/json");
+                            res.jsonp(data);
+                        });
+                    }
+                });
+                return;
+            }
+        }
 
         res.type("application/json");
         res.jsonp(data);
diff --git a/lib/channel.js b/lib/channel.js
index 6b78e574..56b95c77 100644
--- a/lib/channel.js
+++ b/lib/channel.js
@@ -99,7 +99,7 @@ var Channel = function(name) {
         },
         show_public: false,
         enable_link_regex: true,
-        password: "tomato74"
+        password: false
     };
     self.filters = [
         new Filter("monospace", "`([^`]+)`", "g", "<code>$1</code>"),
@@ -801,6 +801,22 @@ Channel.prototype.search = function(query, callback) {
 
 /* REGION User interaction */
 
+Channel.prototype.addPendingJoin = function (user, password) {
+    var self = this;
+    if (!("pendingJoins" in self)) {
+        self.pendingJoins = [];
+    }
+    for (var i = 0; i < self.pendingJoins.length; i++) {
+        if (self.pendingJoins[i].user === user) {
+            return;
+        }
+    }
+    self.pendingJoins.push({
+        user: user,
+        pw: password
+    });
+};
+
 Channel.prototype.handlePendingJoins = function () {
     var self = this;
     self.pendingJoins.forEach(function (u) {
@@ -812,15 +828,7 @@ Channel.prototype.handlePendingJoins = function () {
 Channel.prototype.userJoin = function(user, password) {
     var self = this;
     if (!self.ready) {
-        if (!("pendingJoins" in self)) {
-            self.pendingJoins = [];
-        }
-        if (self.pendingJoins.indexOf(user) === -1) {
-            self.pendingJoins.push({
-                user: user,
-                pw: password
-            });
-        }
+        self.addPendingJoin(user, password);
         return;
     }