diff --git a/src/auth.js b/src/auth.js
index f3f26d1..d34165a 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -5,23 +5,15 @@ export async function authSubject(request, env, ctx) {
     const headers = request.headers;
     const studyId = headers.get('x-study-id');
     const subjectId = headers.get('x-subject-id');
-    const prolificApiKey = env.PROLIFIC_API_KEY;
 
     if (studyId === env.TEST_STUDY_ID && subjectId === env.TEST_SUBJECT_ID)
         return true;
     if (!subjectId.match(/^[a-f0-9]{1,32}$/) || !studyId.match(/^[a-f0-9]{1,32}$/))
         return false;
+    if (!(await env.EXP_SETTINGS.get('studyId', 'json')).includes(studyId))
+        return false;
 
     return true;
-    // try {
-    //     const apiUrl = `https://api.prolific.com/api/v1/studies/${studyId}/submissions/`;
-    //     const res = await fetch(apiUrl, {
-    //         headers: { Authorization: `Token ${prolificApiKey}` }
-    //     });
-    //     let data = await res.json();
-    //     return Array.from(data.results).some(p => p.participant_id === subjectId);
-
-    // } catch (e) { console.log(e); return false; }
 }
 
 export async function authDispatcher(request, env, ctx) {
diff --git a/wrangler.toml b/wrangler.toml
index 45e2fa5..89766da 100644
--- a/wrangler.toml
+++ b/wrangler.toml
@@ -70,9 +70,9 @@ TEST_SUBJECT_ID = "test"
 
 # Bind a KV Namespace. Use KV as persistent storage for small key-value pairs.
 # Docs: https://developers.cloudflare.com/workers/wrangler/configuration/#kv-namespaces
-# [[kv_namespaces]]
-# binding = "MY_KV_NAMESPACE"
-# id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+[[kv_namespaces]]
+binding = "EXP_SETTINGS"
+id = "c36ae6bde4234f1399409866f799df49"
 
 # Bind an mTLS certificate. Use to present a client certificate when communicating with another service.
 # Docs: https://developers.cloudflare.com/workers/wrangler/configuration/#mtls-certificates