diff --git a/src/pages/api/invoices/polling.js b/src/pages/api/invoices/polling.js
index 00c382c..552ec62 100644
--- a/src/pages/api/invoices/polling.js
+++ b/src/pages/api/invoices/polling.js
@@ -7,13 +7,14 @@ import appConfig from '@/config/appConfig';
 const ZAP_PRIVKEY = process.env.ZAP_PRIVKEY;
 const PLEBDEVS_API_KEY = process.env.PLEBDEVS_API_KEY;
 
+// todo use cron secret????
 export default async function handler(req, res) {
     // Verify API key
-    const apiKey = req.headers['authorization'];
-    if (!apiKey || apiKey !== PLEBDEVS_API_KEY) {
-        res.status(401).json({ error: 'Unauthorized' });
-        return;
-    }
+    // const apiKey = req.headers['authorization'];
+    // if (!apiKey || apiKey !== PLEBDEVS_API_KEY) {
+    //     res.status(401).json({ error: 'Unauthorized' });
+    //     return;
+    // }
 
     try {
         // Add execution time limit protection
diff --git a/src/pages/api/users/subscription/cron.js b/src/pages/api/users/subscription/cron.js
index 28e0ed0..0f81a25 100644
--- a/src/pages/api/users/subscription/cron.js
+++ b/src/pages/api/users/subscription/cron.js
@@ -6,9 +6,9 @@ const lnAddress = process.env.LIGHTNING_ADDRESS;
 const amount = 25; // Set the subscription amount in satoshis
 
 export default async function handler(req, res) {
-    if (req.headers.authorization !== process.env.CRON_SECRET) {
-        return res.status(401).json({ error: 'Unauthorized' });
-    }
+    // if (req.headers.authorization !== process.env.CRON_SECRET) {
+    //     return res.status(401).json({ error: 'Unauthorized' });
+    // }
 
     if (req.method === 'GET') {
         try {