diff --git a/app.js b/app.js
index a5505731d4..9def533d0e 100755
--- a/app.js
+++ b/app.js
@@ -65,7 +65,7 @@ app.get('/api/foursquare', passportConf.ensureAuthenticated, api.getFoursquare);
 app.get('/api/tumblr', passportConf.ensureAuthenticated, api.getTumblr);
 app.get('/api/facebook', passportConf.ensureAuthenticated, api.getFacebook);
 app.get('/api/scraping', api.getScraping);
-app.get('/api/github', passportConf.ensureAuthenticated, api.getGithub);
+app.get('/api/github', passportConf.isAuthorized('github'), api.getGithub);
 app.get('/api/lastfm', api.getLastfm);
 app.get('/api/nyt', api.getNewYorkTimes);
 app.get('/api/twilio', api.getTwilio);
diff --git a/config/passport.js b/config/passport.js
index 541f3e34e8..078205f394 100755
--- a/config/passport.js
+++ b/config/passport.js
@@ -133,7 +133,19 @@ passport.use('foursquare', new OAuth2Strategy({
 }
 ));
-exports.ensureAuthenticated = function ensureAuthenticated(req, res, next) {
+exports.ensureAuthenticated = function(req, res, next) {
 if (req.isAuthenticated()) return next();
 res.redirect('/login');
+};
+
+exports.isAuthorized = function(provider) {
+ return function(req, res, next) {
+ var accessToken = _.findWhere(req.user.tokens, { kind: provider });
+ if (accessToken) return next();
+ res.render('api/unauthorized', {
+ title: 'Facebook API',
+ provider: 'Facebook',
+ user: req.user
+ });
+ };
 };
\ No newline at end of file
diff --git a/controllers/api.js b/controllers/api.js
index 6a7171699b..2150bc9c70 100644
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -100,6 +100,7 @@ exports.getTumblr = function(req, res) {
 exports.getFacebook = function(req, res) {
 var token = _.findWhere(req.user.tokens, { kind: 'facebook' }); // TODO: MIDDLEWARE
+ // TODO: OR just redirect directly to /auth/facebook
 if (!token) {
 return res.render('api/unauthorized', {
 title: 'Facebook API',
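Review bot: The `/api/github` route no longer runs `passportConf.ensureAuthenticated`, and the `isAuthorized` middleware that replaces it (added in config/passport.js in this commit) reads `req.user.tokens` without first checking that the request is authenticated. A request with no session would therefore throw on `req.user` rather than being redirected to `/login`, so the route loses its login gate and fails with an error instead. Keep the authentication check ahead of the token check: `app.get('/api/github', passportConf.ensureAuthenticated, passportConf.isAuthorized('github'), api.getGithub);`.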
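Review bot: `isAuthorized` takes a `provider` argument, but the unauthorized page it renders hard-codes `title: 'Facebook API'` and `provider: 'Facebook'`, so the GitHub route wired to it in app.js would tell the user to link the wrong account. Derive both values from the argument, for example `title: provider + ' API',` and `provider: provider,`, or pass a display name alongside the token kind. The function should also carry a comment stating that it must run after `ensureAuthenticated`, for example `// Requires req.user; mount after ensureAuthenticated.`, since it dereferences `req.user` unconditionally. The hunk does not show a `require` for `_` in config/passport.js, so confirm that it is in scope there.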