diff --git a/Dockerfile b/Dockerfile
index 488d25c..45eb9ba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ COPY . /git/
 RUN find . -type d -name .git -exec git describe --always --dirty > /git-version.txt \;
 
 
-FROM python:3.8
+FROM python:3.12
 
 EXPOSE 8080
 
diff --git a/app.py b/app.py
index cd31e35..691e2d4 100644
--- a/app.py
+++ b/app.py
@@ -18,6 +18,26 @@ from gitmgr import GitManagerConfiguration, GitManager
 startup_timestamp = datetime.now()
 
 
+class AuthenticatedHandler(tornado.web.RequestHandler, metaclass=ABCMeta):
+    # noinspection PyAttributeOutsideInit
+    def initialize(self, auth_provider=None):
+        self.auth_provider = auth_provider
+
+    def prepare(self):
+        if self.auth_provider is None:
+            return
+
+        # check authentication
+        auth_hdr = "Authentication"
+        if auth_hdr not in self.request.headers:
+            raise tornado.web.HTTPError(401, reason="authentication not provided")
+
+        tk = self.request.headers[auth_hdr]
+
+        if not self.auth_provider.validate_token(tk):
+            raise tornado.web.HTTPError(403, reason="invalid authentication token provided")
+
+
 class HealthHandler(tornado.web.RequestHandler, metaclass=ABCMeta):
     # noinspection PyAttributeOutsideInit
     def initialize(self, sources=None):
@@ -77,12 +97,38 @@ class Oas3Handler(tornado.web.RequestHandler, metaclass=ABCMeta):
         self.finish()
 
 
+class AllEntitiesHandler(AuthenticatedHandler, metaclass=ABCMeta):
+    # noinspection PyAttributeOutsideInit
+    def initialize(self, auth_provider=None):
+        super().initialize(auth_provider)
+
+    def post(self):
+        pass
+
+    def get(self):
+        pass
+
+
+class SingleEntityHandler(AuthenticatedHandler, metaclass=ABCMeta):
+    # noinspection PyAttributeOutsideInit
+    def initialize(self, auth_provider=None):
+        super().initialize(auth_provider)
+
+    def post(self, identifier):
+        pass
+
+    def get(self, identifier):
+        pass
+
+
 def make_app(_auth_provider=None, gitmgr=None):
     version_path = r"/v[0-9]"
     return tornado.web.Application([
         (version_path + r"/health", HealthHandler,
          {"sources": [lambda: {"git-head":  gitmgr.head_sha}] if gitmgr else None}),
         (version_path + r"/oas3", Oas3Handler),
+        (version_path + r"/entities", AllEntitiesHandler, {"auth_provider": _auth_provider}),
+        (version_path + r"/entity/{.*}", SingleEntityHandler, {"auth_provider": _auth_provider}),
     ])
 
 
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..7190a60
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}
diff --git a/requirements.txt b/requirements.txt
index b803341..87c39f9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-tornado==6.0.4
-isodate==0.6.0
-pytest==5.4.1
-GitPython==3.1.12
\ No newline at end of file
+tornado==6.3.3
+isodate==0.6.1
+pytest==7.4.3
+GitPython==3.1.40
\ No newline at end of file