diff --git a/config/settings/container/production.py b/config/settings/container/production.py
index cfd5968249f92bab657413953205fd9230388d14..f1590079d13fd50915a9d7d175f551ee7faa5010 100644
--- a/config/settings/container/production.py
+++ b/config/settings/container/production.py
@@ -8,6 +8,19 @@ SEND_XMPP_ALERTS = True
 SEND_PHONE_ALERTS = True
 SEND_EMAIL_ALERTS = True
 
+# Priority server?
+PRIORITY_SERVER = False
+is_priority_server = os.environ.get('DJANGO_PRIORITY_SERVER', None)
+if (isinstance(is_priority_server, str) and
+    is_priority_server.lower() in ['true', 't']):
+    PRIORITY_SERVER = True
+
+# If priority server, add custom permissions for API
+if PRIORITY_SERVER:
+    default_perms = list(REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'])
+    default_perms = ['api.permissions.IsPriorityUser'] + default_perms
+    REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'] = tuple(default_perms)
+
 # Safety check on debug mode for production
 if (DEBUG == True):
     raise RuntimeError("Turn off debug mode for production")
diff --git a/gracedb/api/permissions.py b/gracedb/api/permissions.py
new file mode 100644
index 0000000000000000000000000000000000000000..aa4bc1469abe1a56b7514b05d5902b63407aa46d
--- /dev/null
+++ b/gracedb/api/permissions.py
@@ -0,0 +1,17 @@
+import logging
+
+from django.conf import settings
+
+from rest_framework import permissions
+
+# Set up logger
+logger = logging.getLogger(__name__)
+
+
+class IsPriorityUser(permissions.BasePermission):
+    """Only allow users in the priority users group"""
+    message = 'You are not authorized to use this API.'
+
+    def has_permission(self, request, view):
+        return request.user.groups.filter(
+            name=settings.PRIORITY_USERS_GROUP).exists()