Authenticating before returning a request