diff --git a/backend/backend/api.py b/backend/backend/api.py
index 5e309aa..3239ffc 100644
--- a/backend/backend/api.py
+++ b/backend/backend/api.py
@@ -13,7 +13,7 @@ class ToDoListSerializer(serializers.HyperlinkedModelSerializer):
 class ToDoListViewSet(viewsets.ModelViewSet):
     queryset = ToDoList.objects.all()
     serializer_class = ToDoListSerializer
-    #permission_classes = [permissions.IsAuthenticated] TODO раскомментировать и сделать авторизацию
+    permission_classes = [permissions.IsAuthenticated]
 
 
 router = routers.DefaultRouter()
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
index 05515d2..54f089b 100644
--- a/backend/backend/settings.py
+++ b/backend/backend/settings.py
@@ -26,8 +26,9 @@ SECRET_KEY = "django-insecure-toz+*lt(ejm!l*)92w2ciqoh^1kz#a(abbpcn54-dbw(nxoy&7
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = ["0.0.0.0"]
-
+ALLOWED_HOSTS = []
+if DEBUG: 
+    ALLOWED_HOSTS = ["0.0.0.0"]   
 
 # Application definition
 
@@ -43,6 +44,16 @@ INSTALLED_APPS = [
     "drf_yasg",
 ]
 
+SWAGGER_SETTINGS = {
+   'SECURITY_DEFINITIONS': {
+        'Bearer': {
+            'type': 'apiKey',
+            'name': 'Authorization',
+            'in': 'header'
+        }
+    }
+}
+
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 9ff2e56..b4b923b 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -21,4 +21,4 @@ toml==0.10.2
 urllib3==1.26.4
 djangorestframework-simplejwt==4.6.0
 psycopg2-binary>=2.8
-drf-yasg
+drf-yasg>=1.20.0