diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py
index c6e068d8..46301d92 100644
--- a/rowers/views/apiviews.py
+++ b/rowers/views/apiviews.py
@@ -81,6 +81,7 @@ from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer
 @csrf_exempt
 @login_required()
 @api_view(["GET","POST"])
+@permission_classes([IsAuthenticated])
 def strokedatajson_v2(request,id):
 """
 POST: Add Stroke data to workout
@@ -91,12 +92,12 @@ def strokedatajson_v2(request,id):
 row = get_object_or_404(Workout,pk=id)
 if row.user != request.user.rower:
- raise PermissionDenied("You have no access to this workout")
+ return HttpResponse("You do not have permission to perform this action",status=403)
 try:
 id = int(id)
 except ValueError:
- return HttpResponse("Not a valid workout number",status=400)
+ return HttpResponse("Not a valid workout number",status=404)
 if request.method == 'GET':
 columns = ['spm','time','hr','pace','power','distance']
@@ -112,19 +113,19 @@ def strokedatajson_v2(request,id):
 if request.method == 'POST':
 checkdata, r = dataprep.getrowdata_db(id=row.id)
 if not checkdata.empty:
- return HttpResponse("Duplicate Error",status=400)
+ return HttpResponse("Duplicate Error",status=409)
 df = pd.DataFrame()
- print(request.POST)
 try:
- df = pd.read_json(request.POST['data'],orient='split')
+ df = pd.DataFrame(request.data['data'])
 except KeyError:
 try:
- df = pd.read_json(request.POST['strokedata'],orient='split')
+ df = pd.DataFrame(request.data['strokedata'])
 except:
 return HttpResponse("No JSON object could be decoded",status=400)
+ df.index = df.index.astype(int)
 df.sort_index(inplace=True)
@@ -294,6 +295,7 @@ def strokedatajson_v2(request,id):
 @csrf_exempt
 @login_required()
 @api_view(['GET','POST'])
+@permission_classes([IsAuthenticated])
 def strokedatajson(request,id):
 """
 POST: Add Stroke data to workout
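Review bot: The new `@permission_classes([IsAuthenticated])` on strokedatajson_v2 sits inside `@login_required()`, which runs first and answers an unauthenticated request with a 302 redirect to the login page, so the DRF permission never gets to return the 401/403 an API client expects, and any non-session authenticator the project may have configured for DRF (settings are not in the diff) is never consulted. If the goal is a proper API rejection, remove the `@login_required()` line and keep `@api_view(["GET","POST"])` directly followed by `@permission_classes([IsAuthenticated])`; as written the added decorator is a no-op for session users who already pass `login_required`. `@csrf_exempt` remains on a state-changing endpoint; DRF's SessionAuthentication normally enforces CSRF on its own, but that depends on the REST_FRAMEWORK settings and is worth confirming. The body of strokedatajson_v2 continues outside this hunk.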
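Review bot: Replacing `PermissionDenied` with an explicit 403 for a workout owned by another rower, next to the 404 that `get_object_or_404(Workout,pk=id)` returns for a missing one, gives any logged-in user an existence oracle: probing ids distinguishes "exists but not mine" from "does not exist". Returning the same 404 for both closes it — `raise Http404` (or `return HttpResponse("Not a valid workout number",status=404)`) in place of the 403 line, since the caller has no legitimate need to learn that the id is taken. Separately, `id = int(id)` runs only after the lookup has already consumed the raw value, so a non-numeric id is most likely handled (or rejected) by the ORM before this `except ValueError` is ever reached; if the new 404 branch is meant to be live, move the conversion above `get_object_or_404`. strokedatajson_v2 starts and ends outside this hunk.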
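Review bot: Malformed client input now reaches `pd.DataFrame(request.data['data'])` and the new `df.index = df.index.astype(int)` with nothing catching the ValueError/TypeError they raise — only KeyError is handled on the first lookup and the bare `except:` covers only the fallback key — so a bad payload on the primary `data` path becomes an unhandled 500 instead of the 400 the surrounding code intends. The bare `except:` should also be narrowed to the exceptions actually expected, since it currently turns programming errors into a "client" error. I would separate the key lookup from frame construction and wrap construction and the index cast together, as below. The POST branch continues past the end of this hunk.
```python
        try:
            payload = request.data['data']
        except KeyError:
            try:
                payload = request.data['strokedata']
            except KeyError:
                return HttpResponse("No JSON object could be decoded",status=400)
        # reject anything pandas cannot turn into an integer-indexed frame
        try:
            df = pd.DataFrame(payload)
            df.index = df.index.astype(int)
        except (ValueError, TypeError):
            return HttpResponse("Malformed stroke data",status=400)
        df.sort_index(inplace=True)
        # … unchanged: rest of the POST branch …
```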
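Review bot: `@login_required()` still wraps `@api_view` on the legacy strokedatajson view, so an unauthenticated caller is redirected with a 302 before the new `@permission_classes([IsAuthenticated])` is evaluated, and for session users who already pass `login_required` the added line changes nothing. Either remove `@login_required()` so `IsAuthenticated` produces the 401/403 an API client can act on, or drop the new decorator as a no-op; keeping both only suggests a protection that is not actually in effect. The function body continues outside this hunk.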
@@ -306,7 +308,7 @@ def strokedatajson(request,id):
 try:
 id = int(id)
 except ValueError:
- return HttpResponse("Not a valid workout number",status=400)
+ return HttpResponse("Not a valid workout number",status=403)
 if request.method == 'GET':
@@ -325,7 +327,7 @@ def strokedatajson(request,id):
 # strokedata = request.POST['strokedata']
 # checking/validating and cleaning
 try:
- strokedata = json.loads(request.POST['strokedata'])
+ strokedata = json.loads(request.data['strokedata'])
 except:
 return HttpResponse("No JSON object could be decoded",status=400)
diff --git a/rowers/views/statements.py b/rowers/views/statements.py
index 9061fb13..46a19e38 100644
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -686,7 +686,8 @@ try:
 except ImportError:
 pass
-from rest_framework.decorators import api_view, renderer_classes
+from rest_framework.decorators import api_view, renderer_classes, permission_classes
+from rest_framework.permissions import IsAuthenticated
 from rowers.permissions import IsOwnerOrNot, IsCompetitorOrNot
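Review bot: Changing this branch to 403 misdescribes the condition — a non-integer id is a malformed or unknown resource, not a permission failure — and the identical `except ValueError` in strokedatajson_v2 was changed to 404 in the same commit, so the two views now disagree on the same input. Use `return HttpResponse("Not a valid workout number",status=404)` here as well (the previous 400 would also be defensible); a 403 on this path also blurs the signal of the real ownership rejection for anyone reading access logs. Whether this `int(id)` runs before or after the Workout lookup is not visible — strokedatajson starts and ends outside this hunk.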
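Review bot: `json.loads(request.data['strokedata'])` only works when the value is a string: for a JSON request body DRF has already parsed `request.data['strokedata']` into a dict or list, `json.loads` then raises TypeError, and the bare `except:` turns that into a misleading "No JSON object could be decoded" 400 — so JSON-body clients are rejected while form-encoded ones pass, the opposite of what moving to `request.data` suggests (the v2 view in this commit drops the `json.loads` entirely). Accept both shapes and narrow the handler: `strokedata = request.data['strokedata']`, then `if isinstance(strokedata, str): strokedata = json.loads(strokedata)`, with `except (KeyError, ValueError, TypeError):` in place of the bare `except:`. strokedatajson's body continues outside this hunk.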