diff --git a/api/jobs/replication.go b/api/jobs/replication.go
index 2cf6b05dbe..98b8d63204 100644
--- a/api/jobs/replication.go
+++ b/api/jobs/replication.go
@@ -46,6 +46,27 @@ type ReplicationReq struct {
 TagList []string `json:"tags"`
 }
 
+// Prepare ...
+func (rj *ReplicationJob) Prepare() {
+ rj.authenticate()
+ }
+
+func (rj *ReplicationJob) authenticate() {
+ cookie, err := rj.Ctx.Request.Cookie(models.UISecretCookie)
+ if err != nil && err != http.ErrNoCookie {
+ log.Errorf("failed to get cookie %s: %v", models.UISecretCookie, err)
+ rj.CustomAbort(http.StatusInternalServerError, "")
+ }
+
+ if err == http.ErrNoCookie {
+ rj.CustomAbort(http.StatusUnauthorized, "")
+ }
+
+ if cookie.Value != config.UISecret() {
+ rj.CustomAbort(http.StatusForbidden, "")
+ }
+}
+
 // Post creates replication jobs according to the policy.
 func (rj *ReplicationJob) Post() {
 var data ReplicationReq
diff --git a/api/replication_job.go b/api/replication_job.go
index 95f7951947..f91511f621 100644
--- a/api/replication_job.go
+++ b/api/replication_job.go
@@ -147,7 +147,14 @@ func (ra *RepJobAPI) GetLog() {
 ra.CustomAbort(http.StatusBadRequest, "id is nil")
 }
 
- resp, err := http.Get(buildJobLogURL(strconv.FormatInt(ra.jobID, 10)))
+ req, err := http.NewRequest("GET", buildJobLogURL(strconv.FormatInt(ra.jobID, 10)), nil)
+ if err != nil {
+ log.Errorf("failed to create a request: %v", err)
+ ra.CustomAbort(http.StatusInternalServerError, "")
+ }
+ addAuthentication(req)
+ client := &http.Client{}
+ resp, err := client.Do(req)
 if err != nil {
 log.Errorf("failed to get log for job %d: %v", ra.jobID, err)
 ra.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
diff --git a/api/utils.go b/api/utils.go
index 0eabc57938..4fa661932d 100644
--- a/api/utils.go
+++ b/api/utils.go
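Review bot: `cookie.Value != config.UISecret()` in authenticate compares the shared secret with an ordinary string compare, which leaks the position of the first differing byte through response timing and also lets an empty-valued cookie through whenever the configured secret is itself empty. I'd reject an unset secret and compare in constant time: `secret := config.UISecret()` / `if secret == "" || subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(secret)) != 1 {` / `rj.CustomAbort(http.StatusForbidden, "")` (adds `crypto/subtle` to the file's imports, which are outside the hunk). The code after each `CustomAbort` only stays safe if that call does not return — presumably it panics, as the beego helper of that name does — otherwise `cookie` is nil on the ErrNoCookie path and the final compare dereferences it, so a `return` after each abort would remove that dependency. `// Prepare ...` documents nothing; something like `// Prepare runs before every ReplicationJob handler and rejects requests that do not carry a valid UI secret cookie.` would.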
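Review bot: `client := &http.Client{}` in GetLog has no Timeout, so a job service that accepts the connection but never answers holds this handler — and the UI request behind it — open indefinitely; the old `http.Get` shared that weakness, but now that a client is built explicitly it should carry one, e.g. `client := &http.Client{Timeout: 30 * time.Second}` (value to be tuned; needs `time` in the imports, which are outside the hunk), or better a single package-level client reused by the three call sites this commit changes. The `if err != nil` branch after `http.NewRequest` relies on `CustomAbort` not returning; if it does, a nil `req` reaches `addAuthentication` and `client.Do`. Attaching the secret cookie also means it now travels to whatever `buildJobLogURL` points at — if that is a plain-http address the secret crosses the network in clear, which this hunk cannot show either way. GetLog's response handling continues past the end of the hunk.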
@@ -115,7 +115,14 @@ func TriggerReplication(policyID int64, repository string,
 
 url := buildReplicationURL()
 
- resp, err := http.DefaultClient.Post(url, "application/json", bytes.NewBuffer(b))
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(b))
+ if err != nil {
+ return err
+ }
+ addAuthentication(req)
+
+ client := &http.Client{}
+ resp, err := client.Do(req)
 if err != nil {
 return err
 }
@@ -188,7 +195,16 @@ func postReplicationAction(policyID int64, acton string) error {
 
 url := buildReplicationActionURL()
 
- resp, err := http.DefaultClient.Post(url, "application/json", bytes.NewBuffer(b))
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(b))
+ if err != nil {
+ return err
+ }
+
+ addAuthentication(req)
+
+ client := &http.Client{}
+
+ resp, err := client.Do(req)
 if err != nil {
 return err
 }
@@ -207,6 +223,16 @@ func postReplicationAction(policyID int64, acton string) error {
 return fmt.Errorf("%d %s", resp.StatusCode, string(b))
 }
 
+func addAuthentication(req *http.Request) {
+ if req != nil {
+ req.AddCookie(&http.Cookie{
+ Name: models.UISecretCookie,
+ // TODO read secret from config
+ Value: os.Getenv("UI_SECRET"),
+ })
+ }
+}
+
 func buildReplicationURL() string {
 url := getJobServiceURL()
 return fmt.Sprintf("%s/api/jobs/replication", url)
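Review bot: The `http.NewRequest` / `addAuthentication` / fresh `&http.Client{}` sequence added to TriggerReplication is pasted again in postReplicationAction and GetLog in this same commit, and none of the three clients sets a Timeout, so a stalled job service blocks the caller until the kernel gives up on the connection. I'd move the client to a package-level variable with a timeout and wrap request construction in one helper, so this hunk shrinks to a `newJobServiceRequest` call followed by `jobServiceClient.Do(req)`. The 30 s below is a placeholder to tune; the helper needs `io` and `time` in utils.go's import block, which is outside the hunk, and TriggerReplication's error check and response handling continue past it.
```go
// jobServiceClient is shared by every call into the job service. A bare
// &http.Client{} has no timeout, so a stalled job service would block the
// calling handler indefinitely.
var jobServiceClient = &http.Client{Timeout: 30 * time.Second}

// newJobServiceRequest builds a request to the job service with the UI
// secret cookie attached.
func newJobServiceRequest(method, url string, body io.Reader) (*http.Request, error) {
	req, err := http.NewRequest(method, url, body)
	if err != nil {
		return nil, err
	}
	addAuthentication(req)
	return req, nil
}

// … in TriggerReplication, replacing the NewRequest/addAuthentication/client lines:
	req, err := newJobServiceRequest("POST", url, bytes.NewBuffer(b))
	if err != nil {
		return err
	}
	resp, err := jobServiceClient.Do(req)
	// … unchanged: error check and response handling …
```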
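Review bot: postReplicationAction builds another throw-away `&http.Client{}` with no Timeout, the third such client in this commit; a single package-level `http.Client{Timeout: ...}` shared by every job-service call avoids both the unbounded wait and the duplicated setup. The two bare `return err` lines also discard which step failed; since utils.go already uses fmt, `return fmt.Errorf("creating replication action request to %s: %v", url, err)` and the same treatment for the `client.Do` error would make the messages callers log actionable. The function's marshalling above and response handling below are outside the hunk.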
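Review bot: `addAuthentication` takes the secret from `os.Getenv("UI_SECRET")` while the verifying side added in api/jobs/replication.go compares against `config.UISecret()`, leaving two sources of truth for the same value: if they are populated differently every job-service call ends in 403, and if the variable is unset an empty cookie goes out silently, which an equally empty configured secret on the receiving end would accept. The TODO should be resolved by reading through the same config accessor the receiving side uses, if utils.go can import it without a cycle (not visible here); failing that, at least log loudly when the value is empty, as below (assuming utils.go has the same `log` package in scope as replication_job.go). The `req != nil` guard is dead for the three callers in this commit, which all pass a request they have just built, and an early return keeps the cookie construction unindented. A doc comment tying the cookie name to the `Prepare` check on the job-service side would also help the next reader find the other half of the handshake.
```go
// addAuthentication attaches the UI secret cookie that the job service's
// Prepare hook verifies; a request without it is rejected with 401.
func addAuthentication(req *http.Request) {
	if req == nil {
		return
	}
	secret := os.Getenv("UI_SECRET") // TODO read secret from config
	if secret == "" {
		log.Errorf("UI_SECRET is empty; requests to the job service will be rejected")
	}
	req.AddCookie(&http.Cookie{
		Name:  models.UISecretCookie,
		Value: secret,
	})
}
```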