diff --git a/.gitignore b/.gitignore
index 0c71c05..0630542 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 heartbeat.db
 venv/
 *.pyc
+token.json
 
 
diff --git a/heartbeat/export.py b/heartbeat/export.py
index 63915bd..b59e2b2 100644
--- a/heartbeat/export.py
+++ b/heartbeat/export.py
@@ -23,7 +23,7 @@ class ExportHandler(tornado.web.RequestHandler):
             # Not found
             raise tornado.web.HTTPError(404)
 
-        c.execute("SELECT * FROM beats WHERE createdAt > date('now', ?) ORDER BY createdAt ASC", (ranges[range],))
+        c.execute("SELECT * FROM beats WHERE recordedAt > date('now', ?) ORDER BY recordedAt ASC", (ranges[range],))
         self.write("id,bpm,timestamp\n")
         for row in c:
             self.write("{},{},{}\n".format(row['id'], row['bpm'], row['createdAt']))
diff --git a/heartbeat/server.py b/heartbeat/server.py
index 5a23556..1eebdfa 100644
--- a/heartbeat/server.py
+++ b/heartbeat/server.py
@@ -6,11 +6,18 @@ from .frontend import FrontendHandler
 from .export import ExportHandler
 import sqlite3
 import os
+import json
 
 def start(args):
     basedir = os.path.dirname(os.path.realpath(__file__)) +'/../'
     conn = sqlite3.connect(basedir + 'heartbeat.db')
 
+    with open(basedir+'token.json', 'r') as fp:
+        t = json.load(fp)
+        token = t['token']
+
+    print("VALIDATE WITH TOKEN: '{}'".format(token))
+
     conn.cursor()
     conn.row_factory = sqlite3.Row
     c = conn.cursor()
@@ -20,9 +27,11 @@ def start(args):
         bpm INTEGER,
         beatcount INTEGER,
         beattime REAL,
+        recordedAt TIMESTAMP,
         createdAt TIMESTAMP DEFAULT (datetime('now','localtime'))
     );
     """)
+    c.execute("CREATE INDEX IF NOT EXISTS beats_recordedAt ON beats (recordedAt);")
     conn.commit()
 
     # start a new WebSocket Application
@@ -30,7 +39,7 @@ def start(args):
     # WebSocketHandler as our handler
     application = tornado.web.Application([
         (r"/", FrontendHandler, {"conn": conn}),
-        (r"/ws", WebSocketHandler, {"conn": conn}),
+        (r"/ws", WebSocketHandler, {"conn": conn, "token": token}),
         (r"/(.*).csv", ExportHandler, {"conn": conn}),
     ],debug=True)
 
diff --git a/heartbeat/ws.py b/heartbeat/ws.py
index c95b091..4328775 100644
--- a/heartbeat/ws.py
+++ b/heartbeat/ws.py
@@ -7,11 +7,12 @@ import json
 class WebSocketHandler(tornado.websocket.WebSocketHandler):
 	connections = set()
 
-	def initialize(self, conn):
+	def initialize(self, conn, token):
 		"""
 		conn: sqlite3 connection
 		"""
 		self.conn = conn
+		self.token = token
 
 	# the client connected
 	def open(self):
@@ -28,6 +29,9 @@ class WebSocketHandler(tornado.websocket.WebSocketHandler):
 			[con.write_message(message) for con in self.connections]
 			return False
 
+		if beat['token'] != self.token:
+			raise Exception("Invalid token!")
+
 		if beat['rate'].endswith('*'):
 			beat['rate'] = beat['rate'][:-1]
 		beat['rate'] = beat['rate'].strip()
@@ -38,10 +42,14 @@ class WebSocketHandler(tornado.websocket.WebSocketHandler):
 			beat['time'] = beat['time'][:-1]
 		beat['time'] = beat['time'].strip()
 
+		beat['timestamp'] = beat['timestamp'].strip()
+
+		print(beat)
+
 		c = self.conn.cursor()
 		c.execute("""
-		INSERT INTO beats (bpm,beatcount,beattime)
-		VALUES (:rate, :count, :time)
+		INSERT INTO beats (bpm,beatcount,beattime, recordedAt)
+		VALUES (:rate, :count, :time, :timestamp)
 		""", beat)
 		insertid = c.lastrowid
 		self.conn.commit()
diff --git a/token.example.json b/token.example.json
new file mode 100644
index 0000000..1891753
--- /dev/null
+++ b/token.example.json
@@ -0,0 +1 @@
+{"token":"abcdefghijklmnop"}