Although i'm fairly sure we could have hard checks everytime when user hits an API resource