diff --git a/pages/api/me/websites.ts b/pages/api/me/websites.ts
index 15ea2485..dc9c0d62 100644
--- a/pages/api/me/websites.ts
+++ b/pages/api/me/websites.ts
@@ -4,16 +4,7 @@
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok } from 'next-basics';
 import { getUserWebsites } from 'queries';
-export interface WebsitesRequestBody {
- name: string;
- domain: string;
- shareId: string;
-}
-
-export default async (
- req: NextApiRequestQueryBody,
- res: NextApiResponse,
-) => {
+export default async (req: NextApiRequestQueryBody, res: NextApiResponse) => {
 await useCors(req, res);
 await useAuth(req, res);
diff --git a/pages/api/realtime/[id].ts b/pages/api/realtime/[id].ts
index 069db54a..e78599c6 100644
--- a/pages/api/realtime/[id].ts
+++ b/pages/api/realtime/[id].ts
@@ -1,22 +1,36 @@
 import { subMinutes } from 'date-fns';
-import { RealtimeInit, NextApiRequestAuth } from 'lib/types';
+import { canViewWebsite } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
+import { NextApiRequestQueryBody, RealtimeInit } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok } from 'next-basics';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { getRealtimeData } from 'queries';
-export default async (req: NextApiRequestAuth, res: NextApiResponse) => {
+export interface RealtimeRequestQuery { id: string; startAt: number; }
+
+export default async ( req: NextApiRequestQueryBody, res: NextApiResponse, ) => {
 await useAuth(req, res);
 if (req.method === 'GET') {
- const { id, startAt } = req.query;
+ const { id: websiteId, startAt } = req.query;
+ if (!(await canViewWebsite(req.auth, websiteId))) { return unauthorized(res); }
+
 let startTime = subMinutes(new Date(), 30);
 if (+startAt > startTime.getTime()) {
 startTime = new Date(+startAt);
 }
- const data = await getRealtimeData(id, startTime);
+ const data = await getRealtimeData(websiteId, startTime);
 return ok(res, data);
 }
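Review bot: The new `RealtimeRequestQuery` declares `startAt: number`, but query-string values reach the handler as strings, so the declared type is inaccurate and the existing unary `+startAt` coercion two lines below the new `canViewWebsite` guard is what actually makes the comparison work; a missing or non-numeric `startAt` becomes `NaN`, fails the `>` test and silently falls back to the 30-minute window. Declaring `startAt?: string` and parsing explicitly keeps the contract honest: `const start = Number(startAt);` followed by `if (Number.isFinite(start) && start > startTime.getTime()) { startTime = new Date(start); }`. The new authorization check correctly runs before any data is fetched, but it answers 401 via `unauthorized` for an authenticated caller who merely lacks access to this website, where a 403 would be the more accurate status if `next-basics` provides one. This also assumes `useAuth` terminates the request when authentication fails, since `req.auth` is passed unguarded to `canViewWebsite` right after it — worth confirming against the middleware.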