diff --git a/assets/javascript/nastenka_sync.js b/assets/javascript/nastenka_sync.js
index def9e717c813633394930b39ff532e94dbe1b4d7..b0ef2ea569a7f3c4e59bf340a463a67deb78344c 100644
--- a/assets/javascript/nastenka_sync.js
+++ b/assets/javascript/nastenka_sync.js
@@ -21,8 +21,7 @@ window.addEventListener(
                     return;
                 }
 
-                nextUrl.searchParams.append("sid", window.SESSION_ID);
-                nextUrl.searchParams.append("user-agent", window.navigator.userAgent);
+                nextUrl.searchParams.append("token", window.TOKEN);
 
                 window.location = nextUrl;
             }
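Review bot: The API token is placed in the redirect URL's query string at `nextUrl.searchParams.append("token", window.TOKEN);`, so it lands in the destination server's access logs, the browser history and any Referer header the destination page later sends, which is a wider exposure than the session id it replaces. If the receiving endpoint can take it, prefer submitting the token in a POST body or an `Authorization` header rather than the URL; otherwise a comment such as `// token travels in the URL: treat receiver logs as sensitive` should record the trade-off. The listener body starts before the hunk, so whether `nextUrl` is restricted to an expected origin before the token is attached (the `return;` at the top suggests some check) cannot be confirmed from here.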
diff --git a/ext/eparsons/restapi/config/routing.yml b/ext/eparsons/restapi/config/routing.yml
index 216a7c2155a2c14d6564160b3e9cfeef0a0c8c6d..0209f1a86cb42e07c52fc34151959275e31db5bb 100755
--- a/ext/eparsons/restapi/config/routing.yml
+++ b/ext/eparsons/restapi/config/routing.yml
@@ -17,7 +17,7 @@ eparsons_restapi_users_user:
         userId: \d+
 
 eparsons_restapi_forums_threads:
-    path: /restApiV1/forums/{forumId}/threads
+    path: /restApiV1/forums/{forum_id}/threads
     defaults: { _controller: eparsons.restapi.controller.forums:viewThreads }
     requirements:
-        forumId: \d+
+        forum_id: \d+
diff --git a/ext/eparsons/restapi/controller/forums/Forums.php b/ext/eparsons/restapi/controller/forums/Forums.php
index 80affff9da5d1f313d83696c7946b6869bf4ee8d..4ff83c5dfc79ef43199e63707977a25288dceeb2 100755
--- a/ext/eparsons/restapi/controller/forums/Forums.php
+++ b/ext/eparsons/restapi/controller/forums/Forums.php
@@ -49,11 +49,11 @@ class Forums
     }
 
     /**
-    * Handler for /api/forums/{forumId}/threads GET requests
+    * Handler for /api/forums/{forum_id}/threads GET requests
     *
     * @return JsonResponse A Symfony Response object
     */
-    public function viewThreads($forumId)
+    public function viewThreads($forum_id)
     {
         $errorResponse = $this->validation->ValidateRequest('GET');
         if ($errorResponse != null)
@@ -61,16 +61,55 @@ class Forums
             return $errorResponse;
         }
 
-        global $db, $phpbb_container;
+        $forum_id = (int)$forum_id;
+
+        global $db, $phpbb_container, $table_prefix, $request;
 
         $phpbb_content_visibility = $phpbb_container->get('content.visibility');
 
+        $request->enable_super_globals();
+
+        if (!isset($_GET["token"])) {
+            http_response_code(400);
+            die();
+        }
+
+        $api_token_query = $db->sql_query(
+            'SELECT user_id, allowed_forum_ids
+            FROM ' . $table_prefix . 'api_tokens
+            WHERE token=\'' . $db->sql_escape($_GET["token"]) . '\''
+        );
+
+        $request->disable_super_globals();
+
+        $user_id = null;
+        $allowed_forum_ids = array();
+
+        while ($row = $db->sql_fetchrow($api_token_query)) {
+            $user_id = $row["user_id"];
+            $allowed_forum_ids = explode(",", $row["allowed_forum_ids"]);
+
+            foreach ($allowed_forum_ids as &$allowed_forum_id) {
+                $allowed_forum_id = (int)$allowed_forum_id;
+            }
+        }
+
+        if ($user_id === null) {
+            http_response_code(401);
+            die();
+        }
+
+        if (!in_array($forum_id, $allowed_forum_ids)) {
+            http_response_code(401);
+            die();
+        }
+
         $threads_query = $db->sql_query(
             'SELECT *
             FROM ' . TOPICS_TABLE . ' 
             WHERE
-                forum_id = ' . $forumId . '
-                AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forumId) . '
+                forum_id = ' . $forum_id . '
+                AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id) . '
             ORDER BY topic_id DESC'
         );
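Review bot: The lookup loop at `while ($row = $db->sql_fetchrow($api_token_query))` silently keeps the last matching row if more than one user holds the same token string, and the `api_tokens` table created in nastenka_sync.php has no UNIQUE constraint on `token`, so that ambiguity is not ruled out by the schema. Reading the parameter through phpBB's request wrapper, `$token = $request->variable('token', '');`, removes the need for the `enable_super_globals()`/`disable_super_globals()` pair here (the same pattern appears in the nastenka_sync.php hunk around `$_GET["forum_scopes"]`), and the result set should be released with `$db->sql_freeresult($api_token_query);`. Since both `$forum_id` and the exploded ids are cast to int, the membership test can be strict, `in_array($forum_id, $allowed_forum_ids, true)`, and a token that is valid but not authorised for this forum is a 403 rather than the 401 returned at the second `http_response_code(401);`. The docblock still promises a `JsonResponse` while the new error paths `die()` with an empty body; viewThreads continues past the end of the hunk.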
 
@@ -88,7 +127,7 @@ class Forums
                 FROM ' . POSTS_TABLE . ' 
                 WHERE
                     topic_id = ' . $row["topic_id"] . '
-                    AND ' . $phpbb_content_visibility->get_visibility_sql('post', $forumId) . '
+                    AND ' . $phpbb_content_visibility->get_visibility_sql('post', $forum_id) . '
                 ORDER BY post_id DESC'
             );
 
diff --git a/nastenka_sync.php b/nastenka_sync.php
index 1c8851a64799c77e47b8ea8e3209977d45ccf073..f9c95f1b954f8001d8fd961562eef2d2eebcbaa6 100755
--- a/nastenka_sync.php
+++ b/nastenka_sync.php
@@ -15,6 +15,7 @@ if ($user->data['user_id'] == ANONYMOUS)
     exit;
 }
 
+$request->enable_super_globals();
 
 if (!isset($_GET["forum_scopes"])) {
     http_response_code(400);
@@ -32,23 +33,43 @@ foreach ($requested_forum_ids as &$forum_id) {
 
     $forum_id = (int)$forum_id;
 
-    if (
-        $auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
-        && $forum_data['forum_type'] == FORUM_LINK
-        && $forum_data['forum_link']
-        && !$auth->acl_get('f_read', $forum_id)
-    ) {
+    $forum_data = null;
+    $forum_query = $db->sql_query(
+        'SELECT * FROM ' . $table_prefix . 'forums
+        WHERE forum_id= ' . $forum_id
+    );
+
+    while ($row = $db->sql_fetchrow($forum_query)) {
+        $forum_data = $row;
+    }
+
+    if ($forum_data === null) {
+        http_response_code(404);
+        die();
+    }
+
+    if (!(
+        !$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
+        || (
+            $forum_data['forum_type'] == FORUM_LINK
+            && $forum_data['forum_link']
+            && !$auth->acl_get('f_read', $forum_id)
+        )
+    )) {
         array_push($allowed_forum_ids, $forum_id);
     }
 }
 
 $db->sql_query(
     'CREATE TABLE IF NOT EXISTS ' . $table_prefix . 'api_tokens (
-        user_id INT PRIMARY KEY,
+        user_id INT(10) UNSIGNED,
         allowed_forum_ids TEXT NOT NULL,
         token VARCHAR(32) NOT NULL,
-        FOREIGN KEY (user_id) REFERENCES ' . $table_prefix . 'user(user_id) ON DELETE CASCADE
-    )'
+        PRIMARY KEY (user_id),
+        FOREIGN KEY (user_id)
+            REFERENCES ' . $table_prefix . 'users (user_id)
+            ON DELETE CASCADE
+    ) ENGINE=INNODB'
 );
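Review bot: The `CREATE TABLE IF NOT EXISTS` for `api_tokens` declares `token VARCHAR(32) NOT NULL` without a uniqueness constraint, yet Forums.php resolves a user from the token alone; adding `UNIQUE KEY (token)` to the column list makes that lookup unambiguous at the database level. Executing DDL on every page request is also something phpBB extensions normally leave to a migration rather than the page script, and because of the `IF NOT EXISTS` guard the schema changes in this commit (unsigned id, corrected `users` reference, InnoDB) will not be applied to an already-created table. Inside the loop, `$forum_query` is never released with `$db->sql_freeresult($forum_query);`, and the `die()` with 404 aborts the whole sync for a single unknown forum id rather than skipping it. The `foreach` over `$requested_forum_ids` begins before the hunk.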
 
 $existing_token_query = $db->sql_query(
@@ -71,15 +92,15 @@ if (!$token_exists) {
         'INSERT INTO ' . $table_prefix . 'api_tokens
         VALUES ('
             . $user->data["user_id"] . ', '
-            . '\'' . implode(",", allowed_forum_ids) . '\', '
-            . $token .
+            . '\'' . implode(",", $allowed_forum_ids) . '\', '
+            . '\'' . $token . '\'' .
         ')'
     );
 } else {
     $db->sql_query(
         'UPDATE ' . $table_prefix . 'api_tokens
-        WHERE user_id=' . $user->data["user_id"] . '
-        SET allowed_forum_ids = \'' . implode(",", allowed_forum_ids) . '\''
+        SET allowed_forum_ids = \'' . implode(",", $allowed_forum_ids) . '\'
+        WHERE user_id=' . $user->data["user_id"]
     );
 }
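Review bot: `$token` is concatenated into the INSERT as a bare quoted literal at `. '\'' . $token . '\'' .` without `$db->sql_escape()`, whereas the same value is escaped when read back in Forums.php; unless the generator (outside this hunk) is guaranteed to emit only hex, escape it here or build both statements with `$db->sql_build_array('INSERT', $sql_ary)` and `$db->sql_build_array('UPDATE', $sql_ary)` so quoting is handled uniformly. The INSERT also relies on positional `VALUES` matching the column order of the CREATE TABLE; naming the columns, `'INSERT INTO ' . $table_prefix . 'api_tokens (user_id, allowed_forum_ids, token) VALUES ('`, keeps it robust to schema changes. As far as the hunk shows, the UPDATE branch refreshes `allowed_forum_ids` but never rotates the stored token, so a token appears to live indefinitely once issued; if that is intended it deserves a comment on the UPDATE.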
 
@@ -89,8 +110,10 @@ $template->set_filenames(array(
     'body' => 'nastenka_sync.html',
 ));
 $template->assign_vars(array(
-    'API_TOKEN' => $token,
+    'TOKEN' => $token,
 ));
 
+$request->disable_super_globals();
+
 page_footer();
 ?>
diff --git a/styles/all/template/nastenka_sync.html b/styles/all/template/nastenka_sync.html
index 8ca2ae870cbb89892a7eb00a8d4b7a611a49182b..1574f488ac607cfa209735a1ce7011786cb2cbb3 100644
--- a/styles/all/template/nastenka_sync.html
+++ b/styles/all/template/nastenka_sync.html
@@ -24,7 +24,7 @@
 </div>
 
 <script>
-    window.SESSION_ID = "{SESSION_ID}";
+    window.TOKEN = "{TOKEN}";
 </script>
 
 <script src="./assets/javascript/nastenka_sync.js?v=1"></script>
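Review bot: `{TOKEN}` is interpolated straight into a JS string literal at `window.TOKEN = "{TOKEN}";` with no JavaScript-string escaping, so correctness depends on the token generator (not in this diff) only producing characters that are safe inside double quotes and never the sequence `</script>`. A comment above the line recording that constraint, `<!-- TOKEN must be plain alphanumeric: it is emitted unescaped into a JS string -->`, or emitting the value JSON-encoded from the PHP side, would make the assumption explicit. The token is also exposed as a global on `window`, so it is readable by any other script loaded into the page.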