# Protected Endpoints

NextAuth is offering a very simple solution with **Sessions**:

{% code lineNumbers="true" %}

```typescript
import { getServerSession } from "next-auth/next";

...

export async function DELETE( request, { params }) {
  const session = await getServerSession(authOptions);
  if (!session || !session.user?.email) {
    return new Response("Unauthorized", {
      status: 401,
      statusText: "Unauthorized",
    });
  }
  ...
}
```

{% endcode %}