diff --git a/users/middleware.py b/users/middleware.py
index e2dbdcf..93f5daa 100644
--- a/users/middleware.py
+++ b/users/middleware.py
@@ -1,16 +1,15 @@
 from django.conf import settings
-from django.http import HttpResponseRedirect
-from django.core.urlresolvers import reverse
+from django.http import HttpResponseForbidden
 
 
 class Public(object):
 
+    acceptable_paths = (
+        "/api/v2/profile/",
+    )
+
     def process_request(self, request):
         if settings.PUBLIC is False and not request.user.is_authenticated():
-            acceptable_paths = [
-                '/login/',
-                '/private/',
-                '/register/',
-            ]
-            if request.path not in acceptable_paths:
-                return HttpResponseRedirect(reverse('users:private'))
+            for path in self.acceptable_paths:
+                if not request.path.startswith(path):
+                    return HttpResponseForbidden()