diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 494c050..fa7e442 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -54,6 +54,7 @@ class Kernel extends HttpKernel
 */
 protected $middlewareAliases = [
 'auth' => \App\Http\Middleware\Authenticate::class,
+ 'jwt.auth' => \App\Http\Middleware\JwtAuthMiddleware::class,
 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
 'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
diff --git a/app/Http/Middleware/JwtAuthMiddleware.php b/app/Http/Middleware/JwtAuthMiddleware.php
new file mode 100644
index 0000000..f45f09f
--- /dev/null
+++ b/app/Http/Middleware/JwtAuthMiddleware.php
@@ -0,0 +1,50 @@
+header('Authorization');
+
+ if (!$authHeader) {
+ return response()->json(['message' => 'Missing Authorization header'], 401);
+ }
+
+ if (!preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
+ return response()->json(['message' => 'Invalid token format'], 401);
+ }
+
+ $token = $matches[1];
+
+ $publicKey = str_replace('\\n', "\n", env('JWT_PUBLIC_KEY_PEM'));
+
+ $decoded = JWT::decode($token, new Key($publicKey, 'RS256'));
+
+ if (
+ $decoded->iss !== env('JWT_ISSUER') ||
+ $decoded->aud !== env('JWT_AUDIENCE') ||
+ empty($decoded->sub)
+ ) {
+ return response()->json(['message' => 'Invalid token'], 401);
+ }
+
+ $request->attributes->set('auth', [
+ 'id' => $decoded->sub,
+ 'token' => $token
+ ]);
+
+ return $next($request);
+
+ } catch (\Exception $e) {
+ return response()->json(['message' => 'Invalid or expired token'], 401);
+ }
+ }
+}
\ No newline at end of file
diff --git a/routes/api.php b/routes/api.php
index 530b854..1b47263 100644
--- a/routes/api.php
+++ b/routes/api.php
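Review bot: A token that carries no `exp` claim passes this middleware indefinitely, because the claim check after `JWT::decode()` requires only `iss`, `aud` and `sub`; assuming `JWT` and `Key` are firebase/php-jwt (the new file's opening lines, including its imports and the start of `handle()`, are not visible on this page), that library validates `exp` only when the claim is present. Extend the condition with `|| empty($decoded->exp)` so unbounded tokens are rejected. The key, issuer and audience are also read with `env()` at request time, which typically returns null once `php artisan config:cache` has run; every caller then gets a 401 reported as "Invalid or expired token" by the catch-all, so a deployment fault is indistinguishable from bad tokens. Read the three values through `config()` from a config file and log the exception class inside the `catch` so the two cases can be told apart. The pattern `/Bearer\s(\S+)/` is unanchored; `/^Bearer\s+(\S+)$/` would accept only a header that is exactly one bearer credential.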
@@ -3,23 +3,30 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
 use App\Http\Controllers\GameController;
+
 /*
 |--------------------------------------------------------------------------
 | API Routes
 |--------------------------------------------------------------------------
-|
-| Here is where you can register API routes for your application. These
-| routes are loaded by the RouteServiceProvider and all of them will
-| be assigned to the "api" middleware group. Make something great!
-|
 */
-Route::prefix('v1')->group(function () {
+
+Route::prefix('v1')->middleware(['jwt.auth'])->group(function () {
+
+ // Rankings
 Route::get('/rankings/weekly', [GameController::class, 'weeklyRanking']);
 Route::get('/rankings/monthly', [GameController::class, 'monthlyRanking']);
 Route::get('/rankings/yearly', [GameController::class, 'yearlyRanking']);
 Route::get('/rankings/history/{id}', [GameController::class, 'history']);
- Route::get('/games/most-played', [GameController::class, 'mostPlayed']);
- Route::get('/rankings/platforms/{platform}', [GameController::class, 'platformRanking']);
+
+ // Jogos
+ Route::get('/games/most-played', [GameController::class, 'mostPlayed']);
+
 });
+// 🔓 Rota de teste (opcional)
+Route::middleware(['jwt.auth'])->get('/test-auth', function (Request $request) {
+ return response()->json([
+ 'userId' => $request->attributes->get('auth')['id']
+ ]);
+});
\ No newline at end of file
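Review bot: The `/test-auth` closure at the end of the hunk is registered unconditionally, so a route that its own comment calls an optional test is exposed in every environment and echoes the token subject back to the caller; wrap it in `if (app()->environment('local', 'testing')) { ... }` or drop it before merge. Its 🔓 marker also reads as "unprotected" although the route sits behind `jwt.auth`; a comment such as `// Debug only: returns the authenticated subject (requires jwt.auth)` would state what it actually does. Separately, the hunk removes `/rankings/platforms/{platform}` (`platformRanking`) without a replacement, which nothing in the authentication change explains; confirm that the removal is intended.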