diff --git a/src/main/java/org/qortal/api/Security.java b/src/main/java/org/qortal/api/Security.java
index ea0504d9..09c98988 100644
--- a/src/main/java/org/qortal/api/Security.java
+++ b/src/main/java/org/qortal/api/Security.java
@@ -1,5 +1,8 @@
 package org.qortal.api;
+import org.qortal.arbitrary.ArbitraryDataResource;
+import org.qortal.arbitrary.misc.Service;
+import org.qortal.controller.arbitrary.ArbitraryDataRenderManager;
 import org.qortal.settings.Settings;
 import java.io.IOException;
@@ -61,6 +64,23 @@ public abstract class Security {
 }
 }
+ public static void requirePriorAuthorization(HttpServletRequest request, String resourceId, Service service, String identifier) {
+ ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, identifier);
+ if (!ArbitraryDataRenderManager.getInstance().isAuthorized(resource)) {
+ throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Call /render/authorize first");
+ }
+ }
+
+ public static void requirePriorAuthorizationOrApiKey(HttpServletRequest request, String resourceId, Service service, String identifier) {
+ try {
+ Security.checkApiCallAllowed(request);
+
+ } catch (ApiException e) {
+ // API call wasn't allowed, but maybe it was pre-authorized
+ Security.requirePriorAuthorization(request, resourceId, service, identifier);
+ }
+ }
+
 public static ApiKey getApiKey(HttpServletRequest request) {
 ApiKey apiKey = ApiService.getInstance().getApiKey();
 if (apiKey == null) {
diff --git a/src/main/java/org/qortal/api/resource/ArbitraryResource.java b/src/main/java/org/qortal/api/resource/ArbitraryResource.java
index cad871f5..ed86470d 100644
--- a/src/main/java/org/qortal/api/resource/ArbitraryResource.java
+++ b/src/main/java/org/qortal/api/resource/ArbitraryResource.java
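Review bot: `requirePriorAuthorizationOrApiKey` discards the `ApiException` raised by `checkApiCallAllowed` and lets the fallback's `UNAUTHORIZED` with `"Call /render/authorize first"` stand in for it, so a caller who presented a missing or wrong API key is told to authorize a render rather than that the key check failed; the javadoc should at least state that the API-key failure is deliberately masked. Neither new method has Javadoc; I'd put `/** Throws UNAUTHORIZED unless this resourceId/service/identifier was previously authorized via /render/authorize. */` on `requirePriorAuthorization` and `/** Passes when the API key check succeeds, otherwise falls back to the prior-authorization check. */` on the other. `requirePriorAuthorization` builds the `ArbitraryDataResource` with a `null` second argument for every caller, whether the resource is identified by name, signature or hash; that mirrors the private helper removed from RenderResource, but a comment stating that `isAuthorized` matching does not depend on that argument (assuming that holds) would help the next reader. The blank line after `Security.checkApiCallAllowed(request);` inside the `try` looks accidental.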
@@ -140,10 +140,12 @@ public class ArbitraryResource {
 )
 }
 )
+ @SecurityRequirement(name = "apiKey")
 public ArbitraryResourceSummary getDefaultResourceStatus(@PathParam("service") Service service, @PathParam("name") String name, @QueryParam("build") Boolean build) {
+ Security.requirePriorAuthorizationOrApiKey(request, name, service, null);
 return this.getSummary(service, name, null, build);
 }
@@ -158,11 +160,13 @@ public class ArbitraryResource {
 )
 }
 )
+ @SecurityRequirement(name = "apiKey")
 public ArbitraryResourceSummary getResourceStatus(@PathParam("service") Service service, @PathParam("name") String name, @PathParam("identifier") String identifier, @QueryParam("build") Boolean build) {
+ Security.requirePriorAuthorizationOrApiKey(request, name, service, identifier);
 return this.getSummary(service, name, identifier, build);
 }
diff --git a/src/main/java/org/qortal/api/resource/RenderResource.java b/src/main/java/org/qortal/api/resource/RenderResource.java
index 5b2b1333..78235cbc 100644
--- a/src/main/java/org/qortal/api/resource/RenderResource.java
+++ b/src/main/java/org/qortal/api/resource/RenderResource.java
@@ -122,7 +122,7 @@ public class RenderResource {
 @Path("/signature/{signature}")
 @SecurityRequirement(name = "apiKey")
 public HttpServletResponse getIndexBySignature(@PathParam("signature") String signature) {
- requirePriorAuthorization(signature, Service.WEBSITE, null);
+ Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
 return this.get(signature, ResourceIdType.SIGNATURE, null, "/", null, "/render/signature", true, true);
 }
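Review bot: The added `@SecurityRequirement(name = "apiKey")` on `getDefaultResourceStatus` advertises an API key as required, but the check added on the next line is `requirePriorAuthorizationOrApiKey`, under which the key is optional when the resource was pre-authorized via /render/authorize, so the OpenAPI description now overstates the requirement. A comment above the call, `// accepts either a valid API key or a prior /render/authorize for this resource`, or a note in the operation's description would keep the documentation and the enforced rule aligned. The same applies to `getResourceStatus` in the -158 hunk. `request` is used but declared outside the hunk, presumably an injected `@Context HttpServletRequest` field, and both enclosing methods' annotation blocks begin before the hunk.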
@@ -130,7 +130,7 @@ public class RenderResource {
 @Path("/signature/{signature}/{path:.*}")
 @SecurityRequirement(name = "apiKey")
 public HttpServletResponse getPathBySignature(@PathParam("signature") String signature, @PathParam("path") String inPath) {
- requirePriorAuthorization(signature, Service.WEBSITE, null);
+ Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
 return this.get(signature, ResourceIdType.SIGNATURE, null, inPath,null, "/render/signature", true, true);
 }
@@ -138,7 +138,7 @@ public class RenderResource {
 @Path("/hash/{hash}")
 @SecurityRequirement(name = "apiKey")
 public HttpServletResponse getIndexByHash(@PathParam("hash") String hash58, @QueryParam("secret") String secret58) {
- requirePriorAuthorization(hash58, Service.WEBSITE, null);
+ Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
 return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, "/", secret58, "/render/hash", true, false);
 }
@@ -147,7 +147,7 @@ public class RenderResource {
 @SecurityRequirement(name = "apiKey")
 public HttpServletResponse getPathByHash(@PathParam("hash") String hash58, @PathParam("path") String inPath, @QueryParam("secret") String secret58) {
- requirePriorAuthorization(hash58, Service.WEBSITE, null);
+ Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
 return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, inPath, secret58, "/render/hash", true, false);
 }
@@ -157,7 +157,7 @@ public class RenderResource {
 public HttpServletResponse getPathByName(@PathParam("service") Service service, @PathParam("name") String name, @PathParam("path") String inPath) {
- requirePriorAuthorization(name, service, null);
+ Security.requirePriorAuthorization(request, name, service, null);
 String prefix = String.format("/render/%s", service);
 return this.get(name, ResourceIdType.NAME, service, inPath, null, prefix, true, true);
 }
@@ -167,7 +167,7 @@ public class RenderResource {
 @SecurityRequirement(name = "apiKey")
 public HttpServletResponse getIndexByName(@PathParam("service") Service service, @PathParam("name") String name) {
- requirePriorAuthorization(name, service, null);
+ Security.requirePriorAuthorization(request, name, service, null);
 String prefix = String.format("/render/%s", service);
 return this.get(name, ResourceIdType.NAME, service, "/", null, prefix, true, true);
 }
@@ -200,11 +200,4 @@ public class RenderResource {
 return renderer.render();
 }
- private void requirePriorAuthorization(String resourceId, Service service, String identifier) {
- ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, identifier);
- if (!ArbitraryDataRenderManager.getInstance().isAuthorized(resource)) {
- throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Call /render/authorize first");
- }
- }
-
 }