diff --git a/samy.ps1 b/samy.ps1
index 9535729..9cbd12f 100644
--- a/samy.ps1
+++ b/samy.ps1
@@ -1434,6 +1434,13 @@ function Send-JSON {
         $raw = (New-Object IO.StreamReader $Context.Request.InputStream).ReadToEnd()
         $pw  = (ConvertFrom-Json $raw).password
 
+        $trusted = Test-TrustedCaller -Context $Context
+        if ([string]::IsNullOrWhiteSpace($pw) -and -not $trusted) {
+            $Context.Response.StatusCode = 401
+            Send-Text $Context "Password required from untrusted IP."
+            return
+        }
+
          # ★ Store it globally for the next call ★
         $Global:WebhookPassword = $pw