diff --git a/src/poll.rs b/src/poll.rs
index e726836..328f7a8 100644
--- a/src/poll.rs
+++ b/src/poll.rs
@@ -3,6 +3,7 @@ use rocket::http::Status;
 use rocket::serde::uuid::Uuid;
 use rocket::serde::{json::Json, Serialize};
 use rocket_db_pools::Connection;
+use crate::user::AuthenticatedUser;
 #[derive(Debug, Serialize)]
 #[serde(crate = "rocket::serde")]
@@ -14,18 +15,25 @@ pub struct FeedPollResponse {
 pub async fn poll_feed(
 mut db: Connection,
 feed_id: Uuid,
+ user: AuthenticatedUser
 ) -> Result, Status> {
 let feed_id = feed_id.to_string();
- // Get the feed URL from the database
- let feed_url = sqlx::query!("SELECT url FROM feeds WHERE feed_id = ?", feed_id)
- .fetch_optional(&mut **db)
- .await
- .map_err(|_| Status::InternalServerError)?
- .ok_or(Status::NotFound)?
- .url;
+ let user_id = user.user_id.to_string();
+ // Get the feed URL from the database, ensuring it belongs to the authenticated user
+ let feed_url = sqlx::query!(
+ "SELECT url FROM feeds WHERE feed_id = ? AND user_id = ?",
+ feed_id,
+ user_id
+ )
+ .fetch_optional(&mut **db)
+ .await
+ .map_err(|_| Status::InternalServerError)?
+ .ok_or(Status::NotFound)?
+ .url;
 // Parse the URL
- let url = url::Url::parse(&feed_url).map_err(|_| Status::InternalServerError)?;
+ let url = url::Url::parse(&feed_url)
+ .map_err(|_| Status::InternalServerError)?;
 let feed_data = fetch_feed(&url).await.map_err(|_| Status::BadGateway)?;
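Review bot: Nothing between `url::Url::parse(&feed_url)` and `fetch_feed(&url)` at the end of the second hunk limits where the server connects, so the stored feed URL is requested as-is unless `fetch_feed` or the feed-creation handler (neither is visible here) already validates it. Because that URL is per-user data, the owning user effectively chooses the destination of a server-side request. I would reject non-web schemes before the fetch, `if !matches!(url.scheme(), "http" | "https") { return Err(Status::BadRequest); }`, and have `fetch_feed` refuse loopback, private and link-local addresses once the host is resolved. `poll_feed` continues past the end of the hunk, so the statements after the fetch were not reviewed.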