diff --git a/publicroomsapi/directory/public_rooms.go b/publicroomsapi/directory/public_rooms.go
index 65fac10de..75761802d 100644
--- a/publicroomsapi/directory/public_rooms.go
+++ b/publicroomsapi/directory/public_rooms.go
@@ -21,6 +21,8 @@ import (
 "sync"
 "time"
+ "github.com/matrix-org/dendrite/clientapi/auth"
+
 "github.com/matrix-org/dendrite/common/config"
 "github.com/matrix-org/dendrite/clientapi/httputil"
@@ -44,14 +46,19 @@ type filter struct {
 // GetPostPublicRooms implements GET and POST /publicRooms
 func GetPostPublicRooms(
 req *http.Request, cfg *config.Dendrite, server gomatrixserverlib.ServerName,
- publicRoomDatabase storage.Database, fedClient *gomatrixserverlib.FederationClient,
+ publicRoomDatabase storage.Database, fedClient *gomatrixserverlib.FederationClient, data auth.Data,
 ) util.JSONResponse {
 var request PublicRoomReq
 if fillErr := fillPublicRoomsReq(req, &request); fillErr != nil {
 return *fillErr
 }
 if server != "" && server != cfg.Matrix.ServerName {
- //TODO Authenticate user before serving rooms from other server
+ // We require requests to be authenticated in order
+ // to serve public rooms from other server
+ _, jsonerr := auth.VerifyUserFromRequest(req, data)
+ if jsonerr != nil {
+ return *jsonerr
+ }
 fres, err := fedClient.GetPublicRooms(req.Context(), server, int(request.Limit), request.Since, false, "")
 if err != nil {
diff --git a/publicroomsapi/routing/routing.go b/publicroomsapi/routing/routing.go
index 6a9d0e605..e77aeef97 100644
--- a/publicroomsapi/routing/routing.go
+++ b/publicroomsapi/routing/routing.go
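Review bot: In GetPostPublicRooms (public_rooms.go) the authenticated identity is thrown away at `_, jsonerr := auth.VerifyUserFromRequest(req, data)`, so the outbound `fedClient.GetPublicRooms` call that follows cannot be attributed to a user or rate-limited per user. The `server` value is client-supplied (routing.go reads it from the `server` query parameter) and no validation of it is visible in this hunk, so a record of who asked for which remote directory is worth keeping. Consider `device, jsonerr := auth.VerifyUserFromRequest(req, data)` and logging the requesting user together with `server` before the federation call. The doc comment could also state that `data` is consulted only for remote-server lookups and that the local directory stays unauthenticated. The function body continues past the end of the hunk.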
@@ -75,14 +75,14 @@ func Setup(
 return directory.GetPostPublicRoomsWithExternal(req, publicRoomsDB, fedClient, extRoomsProvider)
 }
 server := gomatrixserverlib.ServerName(req.URL.Query().Get("server"))
- return directory.GetPostPublicRooms(req, cfg, server, publicRoomsDB, fedClient)
+ return directory.GetPostPublicRooms(req, cfg, server, publicRoomsDB, fedClient, authData)
 }),
 ).Methods(http.MethodGet, http.MethodPost, http.MethodOptions)
 // Federation - TODO: should this live here or in federation API? It's sure easier if it's here so here it is.
 apiMux.Handle("/_matrix/federation/v1/publicRooms",
 common.MakeExternalAPI("federation_public_rooms", func(req *http.Request) util.JSONResponse {
- return directory.GetPostPublicRooms(req, cfg, cfg.Matrix.ServerName, publicRoomsDB, fedClient)
+ return directory.GetPostPublicRooms(req, cfg, cfg.Matrix.ServerName, publicRoomsDB, fedClient, authData)
 }),
 ).Methods(http.MethodGet)
 }
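Review bot: The early-return branch `return directory.GetPostPublicRoomsWithExternal(req, publicRoomsDB, fedClient, extRoomsProvider)` is not given `authData`, so if that function also fetches rooms from other servers through `fedClient`, that path stays reachable without authentication. The condition guarding the branch and the function itself are outside this hunk, so this should be checked against the full handler. Separately, the federation route always passes `cfg.Matrix.ServerName`, which means the new check can never run there. A short comment such as `// authData is unused on this route: server is always the local name` would make that explicit.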