diff --git a/apps/web/src/pages/api/v1/[...ts-rest].tsx b/apps/web/src/pages/api/v1/[...ts-rest].tsx index 27429bdc9..ee2e5b934 100644 --- a/apps/web/src/pages/api/v1/[...ts-rest].tsx +++ b/apps/web/src/pages/api/v1/[...ts-rest].tsx @@ -1,16 +1,38 @@ import type { NextApiRequest, NextApiResponse } from 'next'; +import { deleteDraftDocument } from '@documenso/lib/server-only/document/delete-draft-document'; import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id'; import { getDocuments } from '@documenso/lib/server-only/public-api/get-documents'; +import { checkUserFromToken } from '@documenso/lib/server-only/public-api/get-user-by-token'; import { contract } from '@documenso/trpc/api-contract/contract'; import { createNextRoute, createNextRouter } from '@documenso/trpc/server/public-api/ts-rest'; +const validateUserToken = async (token: string) => { + try { + return await checkUserFromToken({ token }); + } catch (e) { + return null; + } +}; + const router = createNextRoute(contract, { getDocuments: async (args) => { const page = Number(args.query.page) || 1; const perPage = Number(args.query.perPage) || 10; + const { authorization } = args.headers; - const { documents, totalPages } = await getDocuments({ page, perPage }); + const user = await validateUserToken(authorization); + + if (!user) { + return { + status: 401, + body: { + message: 'Unauthorized', + }, + }; + } + + const { documents, totalPages } = await getDocuments({ page, perPage, userId: user.id }); return { status: 200, 
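Review bot: `validateUserToken(authorization)` forwards whatever `args.headers.authorization` holds without checking that it is a non-empty string before it reaches `checkUserFromToken`; if the contract's header schema does not make the header required at runtime, an absent header becomes `token: undefined`, which Prisma treats as "no filter" on `ApiToken.some`, so `findFirstOrThrow` would resolve to an arbitrary user that owns any API token. A one-line guard at the top of `validateUserToken`, `if (!token) return null;`, closes that regardless of what the contract enforces. The `catch (e) { return null; }` also converts every failure, including database errors, into a 401, so an outage is indistinguishable from a flood of bad credentials in the logs; narrowing it to Prisma's not-found error and rethrowing the rest would keep the 500 path honest. The contract's header declaration is not part of this diff, so whether ts-rest rejects a missing header before the handler runs cannot be confirmed here.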
@@ -21,12 +43,66 @@ const router = createNextRoute(contract, { }; }, getDocument: async (args) => { - const document = await getDocumentById(args.params.id); + const { id: documentId } = args.params; + const { authorization } = args.headers; - return { - status: 200, - body: document, - }; + const user = await validateUserToken(authorization); + + if (!user) { + return { + status: 401, + body: { + message: 'Unauthorized', + }, + }; + } + + try { + const document = await getDocumentById({ id: Number(documentId), userId: user.id }); + + return { + status: 200, + body: document, + }; + } catch (e) { + return { + status: 404, + body: { + message: 'Document not found', + }, + }; + } + }, + deleteDocument: async (args) => { + const { id: documentId } = args.params; + const { authorization } = args.headers; + + const user = await validateUserToken(authorization); + + if (!user) { + return { + status: 401, + body: { + message: 'Unauthorized', + }, + }; + } + + try { + const document = await deleteDraftDocument({ id: Number(documentId), userId: user.id }); + + return { + status: 200, + body: document, + }; + } catch (e) { + return { + status: 404, + body: { + message: 'Document not found', + }, + }; + } }, }); diff --git a/packages/lib/server-only/public-api/get-documents.ts b/packages/lib/server-only/public-api/get-documents.ts index bbc3ab14c..deea612e8 100644 --- a/packages/lib/server-only/public-api/get-documents.ts +++ b/packages/lib/server-only/public-api/get-documents.ts @@ -3,11 +3,15 @@ import { prisma } from '@documenso/prisma'; type GetDocumentsProps = { page: number; perPage: number; + userId: number; }; -export const getDocuments = async ({ page = 1, perPage = 10 }: GetDocumentsProps) => { +export const getDocuments = async ({ page = 1, perPage = 10, userId }: GetDocumentsProps) => { const [documents, count] = await Promise.all([ await prisma.document.findMany({ + where: { + userId, + }, take: perPage, skip: Math.max(page - 1, 0) * perPage, }), 
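Review bot: In both `getDocument` and `deleteDocument` the `try`/`catch` maps every rejection to `404 Document not found`, so a non-numeric `:id` (`Number(documentId)` yields `NaN`), a database connection failure, and whatever `deleteDraftDocument` throws for a document that is not a draft all surface as a not-found and cannot be told apart in logs or metrics. Validate the id before calling the helper, `const id = Number(documentId); if (!Number.isSafeInteger(id)) return { status: 404, body: { message: 'Document not found' } };`, and rethrow anything that is not the helper's own not-found signal so it reaches the 500 path. The identical 401 block now appears three times in this file; a small `unauthorized()` helper beside `validateUserToken` would keep the handlers in step. The `createNextRoute` call these handlers belong to begins in the previous hunk.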
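Review bot: The new `where: { userId }` filter is applied to `findMany` only; the `count` query in the same `Promise.all` lies past the end of this hunk and the diff has no further hunk for `get-documents.ts`, so unless it already carried the same filter `totalPages` is still computed over every user's documents, which both breaks pagination and discloses the global document count to any API-token holder. Mirror the filter there, `prisma.document.count({ where: { userId } })`. It is also worth an explicit `if (userId === undefined) throw new Error('userId is required');` before the query, since Prisma silently drops an `undefined` `where` field and the scope would widen to all documents; the `number` type protects TypeScript callers only.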
diff --git a/packages/lib/server-only/public-api/get-user-by-token.ts b/packages/lib/server-only/public-api/get-user-by-token.ts
new file mode 100644
index 000000000..3092deaa7
--- /dev/null
+++ b/packages/lib/server-only/public-api/get-user-by-token.ts
@@ -0,0 +1,15 @@
+import { prisma } from '@documenso/prisma';
+
+export const checkUserFromToken = async ({ token }: { token: string }) => {
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      ApiToken: {
+        some: {
+          token: token,
+        },
+      },
+    },
+  });
+
+  return user;
+};
diff --git a/packages/trpc/api-contract/contract.ts b/packages/trpc/api-contract/contract.ts
index 2a002db45..1a15e5fd0 100644
--- a/packages/trpc/api-contract/contract.ts
+++ b/packages/trpc/api-contract/contract.ts
@@ -40,6 +40,8 @@ export const contract = c.router(
       query: GetDocumentsQuerySchema,
       responses: {
         200: SuccessfulResponseSchema,
+        401: UnsuccessfulResponseSchema,
+        404: UnsuccessfulResponseSchema,
       },
       summary: 'Get all documents',
     },
@@ -48,6 +50,8 @@ export const contract = c.router(
       path: `/documents/:id`,
       responses: {
         200: DocumentSchema,
+        401: UnsuccessfulResponseSchema,
+        404: UnsuccessfulResponseSchema,
       },
       summary: 'Get a single document',
     },
@@ -57,6 +61,7 @@ export const contract = c.router(
       body: z.string(),
       responses: {
         200: DocumentSchema,
+        401: UnsuccessfulResponseSchema,
         404: UnsuccessfulResponseSchema,
       },
       summary: 'Delete a document',
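Review bot: `checkUserFromToken` builds `where: { ApiToken: { some: { token } } }` without first rejecting an empty or undefined `token`; Prisma drops an `undefined` field from `where`, so `some: {}` matches any user owning at least one API token and `findFirstOrThrow` would return one of them instead of throwing. Add `if (!token) throw new Error('Missing API token');` ahead of the query so the lookup can never widen. The query also returns the whole `user` row while every caller in this diff reads only `user.id`; a `select: { id: true }` keeps credential and profile columns out of the request handlers. If the `ApiToken` model carries an expiry or revocation column, it is not consulted here — worth confirming against the schema.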
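Review bot: `getDocuments` in the contract now advertises a `404: UnsuccessfulResponseSchema` response, but the matching handler in `[...ts-rest].tsx` returns only 200 and 401, so the declared status is unreachable and the generated API documentation will be inaccurate. Either drop the `404` entry here or add the not-found path to the handler. The handlers also read `args.headers.authorization`, yet no `headers` schema change appears in this diff; if the contract does not already declare that header as a required string, ts-rest will not enforce its presence before the handler runs.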