diff --git a/app/controllers/locomotive/api/current_site_controller.rb b/app/controllers/locomotive/api/current_site_controller.rb
index 71665ea8..408cda14 100644
--- a/app/controllers/locomotive/api/current_site_controller.rb
+++ b/app/controllers/locomotive/api/current_site_controller.rb
@@ -3,7 +3,9 @@ module Locomotive
 class CurrentSiteController < BaseController
 
 def show
- respond_with(current_site)
+ @site = current_site
+ authorize! :show, @site
+ respond_with(@site)
 end
 
 end
diff --git a/features/api/authorization/current_site.feature b/features/api/authorization/current_site.feature
new file mode 100644
index 00000000..8a61a372
--- /dev/null
+++ b/features/api/authorization/current_site.feature
@@ -0,0 +1,30 @@
+Feature: Current Site
+ In order to ensure the current site can be viewed by all authenticated users
+ As an admin, designer or author
+ I should be able to show the current site
+
+ Background:
+ Given I have the site: "test site" set up
+ And I have a designer and an author
+
+ Scenario: As an unauthenticated user
+ Given I am not authenticated
+ When I do an API GET to current_site.json
+ Then the JSON response at "error" should be "You need to sign in or sign up before continuing."
+
+ # showing current site
+
+ Scenario: Accessing current site as an Admin
+ Given I have an "admin" API token
+ When I do an API GET to current_site.json
+ Then the JSON response at "name" should be "Locomotive test website"
+
+ Scenario: Accessing current site as a Designer
+ Given I have a "designer" API token
+ When I do an API GET to current_site.json
+ Then the JSON response at "name" should be "Locomotive test website"
+
+ Scenario: Accessing current site as an Author
+ Given I have an "author" API token
+ When I do an API GET to current_site.json
+ Then the JSON response at "name" should be "Locomotive test website"
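Review bot: The new `authorize! :show, @site` line only enforces whatever the `Ability` grants for `:show` on a site, and the three roles the accompanying feature exercises (admin, designer, author) are all expected to succeed, so nothing in this commit shows the check ever denying a request; whether an account that holds a valid API token but no membership on `current_site` is rejected depends on the Ability definition, which is outside this diff and should be confirmed before treating this as a tenant-isolation control. The `@site` instance variable is only used to hand the same object to `authorize!` and `respond_with`; unless a view or decorator reads it, `authorize! :show, current_site` followed by `respond_with(current_site)` is shorter and avoids the extra state. The enclosing `module Locomotive` (and any nested module) starts outside the hunk, so where the `CanCan::AccessDenied` raised by `authorize!` is rescued for API responses cannot be verified from here.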
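Review bot: Every authenticated scenario asserts the success path, so the feature never demonstrates `authorize!` refusing anything; a scenario where the API token belongs to an account with no membership on the site (or, if the step definitions support it, a token issued against a different site) would pin the one outcome the new controller check can actually produce. The unauthenticated scenario checks only the `error` message text, which looks like Devise's default unauthenticated failure message and will silently drift on a locale or Devise change; if a status step exists in this suite, asserting the 401 status alongside the message makes the test robust. The Background sets up the site as "test site" while the scenarios expect `name` to be "Locomotive test website", which presumably comes from the fixture rather than the step argument — worth confirming that the step label is not meant to be the site name.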