diff --git a/middleware.ts b/middleware.ts
index cd70f3e8..2e0032da 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -29,8 +29,29 @@ export default withAuth(
 return true;
 }
- // For protected API endpoints, check if the request has a valid session
- if (!token) {
+ // For protected API endpoints, check if the request has a valid session and token
+ if (!token || !token.accessToken) {
+ return false;
+ }
+
+ // Check if the token has the required roles for the specific service
+ const path = req.nextUrl.pathname;
+ const userRoles = token.role || [];
+
+ // Add role checks for specific services
+ if (path.startsWith('/api/artlab') && !userRoles.includes('Expression')) {
+ return false;
+ }
+
+ if (path.startsWith('/api/gite') && !userRoles.includes('DataIntelligence')) {
+ return false;
+ }
+
+ if (path.startsWith('/api/calculation') && !userRoles.includes('Calculation')) {
+ return false;
+ }
+
+ if (path.startsWith('/api/mediations') && !userRoles.includes('Mediations')) {
 return false;
 }
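Review bot: `const userRoles = token.role || [];` trusts the shape of the role claim — if `token.role` can arrive as a single string (its type is not visible in this hunk), `includes` turns into a substring match, so a role name that merely contains `Expression` would pass the `/api/artlab` check. Normalising with `Array.isArray(token.role) ? token.role : []` fails closed instead. The four `startsWith` branches are also an allow-by-default list: any other protected API prefix presumably passes on the token check alone, so a single prefix-to-role table, as sketched below, makes a missing entry easier to spot in review. The enclosing callback begins and ends outside the hunk, and the route handlers should enforce the same roles rather than rely on middleware alone.

```typescript
// Module scope. Prefix -> required role; a protected service missing from this table is not role-checked.
const REQUIRED_ROLE: ReadonlyArray<readonly [string, string]> = [
  ['/api/artlab', 'Expression'],
  ['/api/gite', 'DataIntelligence'],
  ['/api/calculation', 'Calculation'],
  ['/api/mediations', 'Mediations'],
];

// … unchanged: token / accessToken check …
const path = req.nextUrl.pathname;
// Accept only an array claim; a string claim would make includes() a substring match.
const userRoles: string[] = Array.isArray(token.role) ? token.role : [];
const rule = REQUIRED_ROLE.find(([prefix]) => path.startsWith(prefix));
if (rule && !userRoles.includes(rule[1])) {
  return false;
}
```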