diff --git a/admin/app/controllers/settings/meter/meter.controller.js b/admin/app/controllers/settings/meter/meter.controller.js
index 2604eaa7..747c3bbe 100644
--- a/admin/app/controllers/settings/meter/meter.controller.js
+++ b/admin/app/controllers/settings/meter/meter.controller.js
@@ -130,6 +130,7 @@ app.controller('MeterController', function($scope, $translate, $uibModal, Meter
 }
 });
 modalInstance.result.then(function(meter) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 meter.energy_category_id = meter.energy_category.id;
 meter.cost_center_id = meter.cost_center.id;
 if(angular.isDefined(meter.energy_item)) {
@@ -142,7 +143,7 @@ app.controller('MeterController', function($scope, $translate, $uibModal, Meter
 } else {
 meter.master_meter_id = undefined;
 }
- MeterService.addMeter(meter, function (response) {
+ MeterService.addMeter(meter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -186,6 +187,7 @@ app.controller('MeterController', function($scope, $translate, $uibModal, Meter
 });
 modalInstance.result.then(function(modifiedMeter) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 modifiedMeter.energy_category_id = modifiedMeter.energy_category.id;
 modifiedMeter.cost_center_id = modifiedMeter.cost_center.id;
 if (modifiedMeter.energy_item != null && modifiedMeter.energy_item.id != null ) {
@@ -198,7 +200,7 @@ app.controller('MeterController', function($scope, $translate, $uibModal, Meter
 } else {
 modifiedMeter.master_meter_id = undefined;
 }
- MeterService.editMeter(modifiedMeter, function (response) {
+ MeterService.editMeter(modifiedMeter, headers,function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
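Review bot: The `headers` object built at the top of the add-meter `modalInstance.result.then` callback (@@ -130) dereferences `$scope.cur_user` without checking that it is set, and the same line is repeated in the edit callback (@@ -186) and in the delete confirmation (@@ -236). Where `cur_user` is assigned is outside these hunks; if it is ever unset, the callback throws before any request is sent and neither toaster branch runs. Building the headers once in a small helper, or attaching them in an `$http` interceptor so that no write call can omit them, would remove the triplication; a minimal guard is `let user = $scope.cur_user || {};` followed by `let headers = { "User-UUID": user.uuid, "Token": user.token };`. The enclosing controller function starts outside the hunk.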
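Review bot: The new call in the @@ -198 hunk, `MeterService.editMeter(modifiedMeter, headers,function (response) {`, drops the space after the second comma, unlike the `addMeter` and `deleteMeter` calls added by the same commit. Write it as `MeterService.editMeter(modifiedMeter, headers, function (response) {` so the three call sites read alike.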
@@ -236,7 +238,8 @@ app.controller('MeterController', function($scope, $translate, $uibModal, Meter
 },
 function(isConfirm) {
 if (isConfirm) {
- MeterService.deleteMeter(meter, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ MeterService.deleteMeter(meter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/meter/meter.service.js b/admin/app/services/settings/meter/meter.service.js
index 1b5b7046..3241fb90 100644
--- a/admin/app/services/settings/meter/meter.service.js
+++ b/admin/app/services/settings/meter/meter.service.js
@@ -25,24 +25,24 @@ app.factory('MeterService', function($http) {
 callback(response);
 });
 },
- addMeter: function(meter, callback) {
- $http.post(getAPI()+'meters',{data:meter})
+ addMeter: function(meter, headers, callback) {
+ $http.post(getAPI()+'meters',{data:meter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editMeter: function(meter, callback) {
- $http.put(getAPI()+'meters/'+meter.id,{data:meter})
+ editMeter: function(meter, headers, callback) {
+ $http.put(getAPI()+'meters/'+meter.id,{data:meter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteMeter: function(meter, callback) {
- $http.delete(getAPI()+'meters/'+meter.id)
+ deleteMeter: function(meter, headers, callback) {
+ $http.delete(getAPI()+'meters/'+meter.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/core/meter.py b/myems-api/core/meter.py
index d98bd9de..5a5dd1a2 100644
--- a/myems-api/core/meter.py
+++ b/myems-api/core/meter.py
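Review bot: In meter.service.js, inserting `headers` before `callback` in `addMeter`, `editMeter` and `deleteMeter` changes the positional contract: a caller still passing `(meter, callback)` now has its function used as the `headers` value and `callback` left undefined, so `callback(response)` throws in both the success and the error handler. Only the controller calls in this commit are visibly updated; whether other callers exist is not shown. Either confirm there are none or guard the top of each method with `if (angular.isFunction(headers)) { callback = headers; headers = undefined; }`, and add a one-line comment that `headers` must carry `User-UUID` and `Token` for these write endpoints. The factory's object literal starts and ends outside the hunk.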
@@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class MeterCollection:
@@ -105,6 +105,7 @@ class MeterCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -373,6 +374,7 @@ class MeterItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_METER_ID')
@@ -550,6 +552,7 @@ class MeterItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
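Review bot: `access_control(req)` is called inside the body of `on_post` (and likewise in the `on_delete` and `on_put` hunks), so it runs only after the `@user_logger` wrapper has been entered, and its return value is discarded. Neither function's definition is in this diff: if `user_logger` reads the body or records the activity before invoking the handler, requests that are later rejected would still be processed by it, and if `access_control` signals denial by return value rather than by raising, the check has no effect. Confirm both, and put a comment above the call stating the contract, for example `# raises falcon.HTTPError when User-UUID/Token are missing or invalid`, adjusted to what the function really does. The commit guards only the write handlers; whether `on_get` is meant to stay open is not visible here. The method bodies continue outside the hunks.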
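Review bot: `on_delete` in the @@ -373 hunk has no docstring, while `on_post` and `on_put` carry `"""Handles POST requests"""` and `"""Handles PUT requests"""`; add `"""Handles DELETE requests"""` above the new `access_control(req)` line. Placing the check before the `id_` validation is the right order, since a rejected caller then never reaches the id handling. The rest of the method is outside the hunk.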