diff --git a/.env.example b/.env.example
index 2593d35..91619e3 100644
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,5 @@
 VUE_APP_I18N_LOCALE=en
 VUE_APP_I18N_FALLBACK_LOCALE=en
 VUE_APP_CACHE_MAX_AGE=3600
-VUE_APP_BASE_URL=VUE_APP_BASE_URL
\ No newline at end of file
+VUE_APP_BASE_URL=VUE_APP_BASE_URL
+VUE_APP_PERMISSION_ID=
\ No newline at end of file
diff --git a/src/api/index.ts b/src/api/index.ts
index c05552f..1fe3796 100644
--- a/src/api/index.ts
+++ b/src/api/index.ts
@@ -70,11 +70,8 @@ const api = async (customConfig: any) => {
         params: customConfig.params
     }
     
-    let baseURL = process.env.VUE_APP_BASE_URL;
-    if(!baseURL){
-        baseURL = store.getters['user/getInstanceUrl'];
-        baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
-    }
+    let baseURL = store.getters['user/getInstanceUrl'];
+    baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
     if(baseURL) config.baseURL = baseURL; 
 
     if(customConfig.cache) config.adapter = axiosCache.adapter;
diff --git a/src/services/UserService.ts b/src/services/UserService.ts
index 2633f5c..82175e7 100644
--- a/src/services/UserService.ts
+++ b/src/services/UserService.ts
@@ -1,4 +1,5 @@
-import api from '@/api'
+import api, {client} from '@/api'
+import store from '@/store';
 
 const login = async (username: string, password: string): Promise <any> => {
   return api({
@@ -11,6 +12,17 @@ const login = async (username: string, password: string): Promise <any> => {
   });
 }
 
+const checkPermission = async (payload: any): Promise <any>  => {
+  let baseURL = store.getters['user/getInstanceUrl'];
+  baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
+  return client({
+    url: "checkPermission",
+    method: "post",
+    baseURL: baseURL,
+    ...payload
+  });
+}
+
 const getProfile = async (): Promise <any>  => {
     return api({
       url: "user-profile", 
@@ -37,4 +49,5 @@ export const UserService = {
     getAvailableTimeZones,
     getProfile,
     setUserTimeZone,
+    checkPermission
 }
\ No newline at end of file
diff --git a/src/store/modules/user/actions.ts b/src/store/modules/user/actions.ts
index 4da3722..f8fff53 100644
--- a/src/store/modules/user/actions.ts
+++ b/src/store/modules/user/actions.ts
@@ -19,9 +19,37 @@ const actions: ActionTree<UserState, RootState> = {
       const resp = await UserService.login(username, password)
       if (resp.status === 200 && resp.data) {
         if (resp.data.token) {
-          commit(types.USER_TOKEN_CHANGED, { newToken: resp.data.token })
-          dispatch('getProfile')
-          return resp.data;
+          const permissionId = process.env.VUE_APP_PERMISSION_ID;
+          if (permissionId) {
+            const checkPermissionResponse = await UserService.checkPermission({
+              data: {
+                permissionId
+              },
+              headers: {
+                Authorization:  'Bearer ' + resp.data.token,
+                'Content-Type': 'application/json'
+              }
+            });
+
+            if (checkPermissionResponse.status === 200 && !hasError(checkPermissionResponse) && checkPermissionResponse.data && checkPermissionResponse.data.hasPermission) {
+              commit(types.USER_TOKEN_CHANGED, { newToken: resp.data.token })
+              dispatch('getProfile')
+              if (resp.data._EVENT_MESSAGE_ && resp.data._EVENT_MESSAGE_.startsWith("Alert:")) {
+              // TODO Internationalise text
+                showToast(translate(resp.data._EVENT_MESSAGE_));
+              }
+              return resp.data;
+            } else {
+              const permissionError = 'You do not have permission to access the app.';
+              showToast(translate(permissionError));
+              console.error("error", permissionError);
+              return Promise.reject(new Error(permissionError));
+            }
+          } else {
+            commit(types.USER_TOKEN_CHANGED, { newToken: resp.data.token })
+            dispatch('getProfile')
+            return resp.data;
+          }
         } else if (hasError(resp)) {
           showToast(translate('Sorry, your username or password is incorrect. Please try again.'));
           console.error("error", resp.data._ERROR_MESSAGE_);
diff --git a/src/store/modules/user/getters.ts b/src/store/modules/user/getters.ts
index 132d683..0305b03 100644
--- a/src/store/modules/user/getters.ts
+++ b/src/store/modules/user/getters.ts
@@ -19,7 +19,8 @@ const getters: GetterTree <UserState, RootState> = {
         return state.currentFacility;
     },
     getInstanceUrl (state) {
-        return state.instanceUrl;
+        const baseUrl = process.env.VUE_APP_BASE_URL;
+        return baseUrl ? baseUrl : state.instanceUrl;
     }
 }
 export default getters;
\ No newline at end of file