diff --git a/cof/settings/common.py b/cof/settings/common.py
index 2384cf87..5ed17865 100644
--- a/cof/settings/common.py
+++ b/cof/settings/common.py
@@ -24,7 +24,7 @@ except KeyError:
 try:
 from .secret import (
 SECRET_KEY, RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY, ADMINS,
- REDIS_PASSWD, REDIS_DB, REDIS_HOST, REDIS_PORT
+ REDIS_PASSWD, REDIS_DB, REDIS_HOST, REDIS_PORT, KFETOPEN_TOKEN,
 )
 except ImportError:
 raise RuntimeError("Secrets missing")
diff --git a/cof/settings/secret_example.py b/cof/settings/secret_example.py
index eeb5271c..a1d35b68 100644
--- a/cof/settings/secret_example.py
+++ b/cof/settings/secret_example.py
@@ -6,3 +6,5 @@ REDIS_PORT = 6379
 REDIS_DB = 0
 REDIS_HOST = "127.0.0.1"
 ADMINS = None
+
+KFETOPEN_TOKEN = "plop"
diff --git a/kfet/open/tests.py b/kfet/open/tests.py
index 8cf1b6d0..54386586 100644
--- a/kfet/open/tests.py
+++ b/kfet/open/tests.py
@@ -136,7 +136,10 @@ class OpenKfetViewsTest(ChannelTestCase):
 def test_door(self):
 """Edit raw_status."""
 for sent, expected in [(1, True), (0, False)]:
- resp = Client().post('/k-fet/open/raw_open', {'raw_open': sent})
+ resp = Client().post('/k-fet/open/raw_open', {
+ 'raw_open': sent,
+ 'token': 'plop',
+ })
 self.assertEqual(200, resp.status_code)
 self.assertEqual(expected, kfet_open.raw_open)
 
@@ -254,7 +257,10 @@ class OpenKfetScenarioTest(ChannelTestCase):
 self.ws_connect(self.r_c_ws)
 
 # door sent "I'm open!"
- self.c.post('/k-fet/open/raw_open', {'raw_open': True})
+ self.c.post('/k-fet/open/raw_open', {
+ 'raw_open': True,
+ 'token': 'plop',
+ })
 
 # anonymous user agree
 msg = self.c_ws.receive(json=True)
diff --git a/kfet/open/views.py b/kfet/open/views.py
index 5245b4c4..4f1efa5f 100644
--- a/kfet/open/views.py
+++ b/kfet/open/views.py
@@ -1,3 +1,5 @@
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import permission_required
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
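Review bot: The token posted in test_door is the literal 'plop' taken from secret_example.py, so this test (and the OpenKfetScenarioTest hunk that follows) only passes while the deployed secret.py keeps the example value, and it silently stops being a meaningful check once a real secret is configured. Prefer posting the configured value, `'token': settings.KFETOPEN_TOKEN,` (with `from django.conf import settings` in the test module), or pin the value on the test class with `@override_settings(KFETOPEN_TOKEN='plop')` so the test does not depend on what secret.py contains. It is also worth a comment next to `KFETOPEN_TOKEN = "plop"` in secret_example.py saying the value is a placeholder that every deployment must replace with a freshly generated secret, since a copied-as-is example leaves the door endpoint guarded by a token that is public in the repository. Both test methods' enclosing classes continue outside their hunks.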
@@ -12,6 +14,9 @@ TRUE_STR = ['1', 'True', 'true']
 @csrf_exempt
 @require_POST
 def raw_open(request):
+ token = request.POST.get('token')
+ if token != settings.KFETOPEN_TOKEN:
+ raise PermissionDenied
 raw_open = request.POST.get('raw_open') in TRUE_STR
 kfet_open.raw_open = raw_open
 kfet_open.send_ws()
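Review bot: The new guard in raw_open compares the shared secret with `!=`, a plain string comparison that short-circuits on the first differing character; a bearer-style token on a csrf_exempt, apparently unauthenticated endpoint should be checked in constant time instead, e.g. `if not constant_time_compare(request.POST.get('token', ''), settings.KFETOPEN_TOKEN): raise PermissionDenied` with `from django.utils.crypto import constant_time_compare` added to the import hunk above. Defaulting the missing field to `''` keeps an absent token rejected without passing None into the comparison. A one-line comment above the check, such as `# The door device is not a logged-in user; it authenticates with the shared KFETOPEN_TOKEN.`, would explain why this view has its own check rather than permission_required. raw_open's body continues past the end of the hunk.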