diff --git a/app/controllers/api/projects/phrases_controller.rb b/app/controllers/api/projects/phrases_controller.rb
index c855d26a3..d92373ad8 100644
--- a/app/controllers/api/projects/phrases_controller.rb
+++ b/app/controllers/api/projects/phrases_controller.rb
@@ -11,14 +11,19 @@ def show
       end
 
       def update
-        components = project_params[:components]
+        @project = Project.find_by!(identifier: params[:id])
 
-        components.each do |comp_params|
-          component = Component.find(comp_params[:id])
-          component.update(comp_params)
-        end
+        if oauth_user_id && oauth_user_id == @project.user_id
+          components = project_params[:components]
 
-        head :ok
+          components.each do |comp_params|
+            component = Component.find(comp_params[:id])
+            component.update(comp_params)
+          end
+          head :ok
+        else
+          head :unauthorized
+        end
       end
 
       private
diff --git a/app/views/api/projects/show.json.jbuilder b/app/views/api/projects/show.json.jbuilder
index 8449e6128..791509920 100644
--- a/app/views/api/projects/show.json.jbuilder
+++ b/app/views/api/projects/show.json.jbuilder
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-json.call(@project, :identifier, :project_type, :name)
+json.call(@project, :identifier, :project_type, :name, :user_id)
 
 json.components @project.components, :id, :name, :extension, :content