diff --git a/core/archipelago/src/api/handler.rs b/core/archipelago/src/api/handler.rs
index 19f51e37..ad408b8f 100644
--- a/core/archipelago/src/api/handler.rs
+++ b/core/archipelago/src/api/handler.rs
@@ -180,8 +180,11 @@ impl ApiHandler {
 // Electrs status — unauthenticated (read-only sync status)
 (Method::GET, "/electrs-status") => Self::handle_electrs_status().await,
- // LND connect info — unauthenticated (read-only, localhost only)
+ // LND connect info — requires authenticated session (exposes admin macaroon)
 (Method::GET, "/lnd-connect-info") => {
+ if !self.is_authenticated(&headers).await {
+ return Ok(Self::unauthorized());
+ }
 Self::handle_lnd_connect_info(self.rpc_handler.clone()).await
 }
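Review bot: The new guard in the `/lnd-connect-info` arm only checks that a session exists, yet the updated comment says the response exposes the admin macaroon, so whether every authenticated session should be able to read it depends on what `is_authenticated` enforces, which is outside this hunk. If sessions can differ in privilege, this arm probably needs a stricter check than the generic one. The removed comment also claimed the route was "localhost only"; nothing visible here enforces that, so it is worth confirming whether any peer-address restriction exists and recording the contract in the comment, e.g. `// SECURITY: returns the LND admin macaroon; session required, response must not be cached or logged`. Because the route was unauthenticated before this change, the release notes should tell operators to treat the existing admin macaroon as exposed and rotate it, and a regression test asserting the unauthorized response without a session would keep the guard from being dropped later. The match and its enclosing function continue outside the hunk.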