diff --git a/README.md b/README.md
index 55d339db2827cedfb2a29156525164f4ac973b8f..b867225d21c1f5d6a2d52f511317a7f11b4e0147 100644
--- a/README.md
+++ b/README.md
@@ -31,4 +31,7 @@ User -> "Outlook" : Inspect suspicious email
 "Cyber-Signal" -> "Cyber-Signal" : Add information in dashboard SSI
 
 ```
-
+TODO : documentation
+TODO : améliorer génération & sécurité sharetoken 
+TODO : changer noms et type des struct
+TODO : factoriser fonctions appels d'IOC
diff --git a/main.go b/main.go
index 4b185f0662fb0a9241ddbee6bb49bac97bf9ac06..72f362e76aa81e7214c96ef3232fffce69608d12 100644
--- a/main.go
+++ b/main.go
@@ -15,8 +15,17 @@ import (
 var i int
 
 func main() {
-	mainH := http.HandlerFunc(helloServer)
-	go http.ListenAndServe(":8091", middleware(mainH))
+
+	mux := http.NewServeMux()
+	os.Setenv("SHARE_TOKEN", "sharetoken")
+
+	helloHandler := http.HandlerFunc(hello)
+	mux.Handle("/hello", validateShareToken(helloHandler))
+
+	log.Println("Listening on :8091...")
+	err := http.ListenAndServe(":8091", mux)
+	log.Fatal(err)
+
 	//taskid := sendPostRequestMultipart("http://localhost:8090/tasks/create/file", "/home/jean/Wza.txt")
 	sendGetSummaryReport(5)
 	//sendPostRequestMultipart("http://localhost:8090/tasks/summary/")
@@ -26,8 +35,8 @@ func main() {
 
 //subject, corps du mail, expéditeur, URL, hash
 
-func helloServer(w http.ResponseWriter, r *http.Request) {
-	//fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
+func hello(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello")
 }
 
 /*
@@ -42,6 +51,19 @@ func SaveFile(w http.ResponseWriter, r *http.Request) {
 }
 */
 
+// Middleware to check if the shared token is valid
+func validateShareToken(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		bearer := r.Header.Get("Authorization")
+		if bearer != fmt.Sprintf("Bearer %s", os.Getenv("SHARE_TOKEN")) {
+			http.Error(w, "Unauthorized bearer", http.StatusForbidden)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
 func middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		readBody, err := ioutil.ReadAll(r.Body)
diff --git a/main_test.go b/main_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..491b76801118e08e2149fcdbeaba969776485be8
--- /dev/null
+++ b/main_test.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+)
+
+func TestHelloServerHandler(t *testing.T) {
+	// Set environment variables
+	os.Setenv("SHARE_TOKEN", "sharetoken")
+
+	req, err := http.NewRequest("GET", "/hello", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Specifying an API key
+	req.Header.Set("Authorization", "Bearer sharetoken")
+
+	// We create a ResponseRecorder (which satisfies http.ResponseWriter) to record the response.
+	rr := httptest.NewRecorder()
+	handler := validateShareToken(http.HandlerFunc(hello))
+
+	// Our handlers satisfy http.Handler, so we can call their ServeHTTP method
+	// directly and pass in our Request and ResponseRecorder.
+	handler.ServeHTTP(rr, req)
+
+	// Check the status code is what we expect.
+	if status := rr.Code; status != http.StatusOK {
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+
+	// Check the response body is what we expect.
+	expected := `Hello`
+	if rr.Body.String() != expected {
+		t.Errorf("handler returned unexpected body: got %v want %v",
+			rr.Body.String(), expected)
+	}
+}