diff --git a/nais/dev-gcp/nais.yaml b/nais/dev-gcp/nais.yaml
index 1a269f4..7762f25 100644
--- a/nais/dev-gcp/nais.yaml
+++ b/nais/dev-gcp/nais.yaml
@@ -14,6 +14,7 @@ spec:
     enabled: true
     sidecar:
       enabled: true
+      level: Level3
   image: {{version}}
   port: 8080
   liveness:
diff --git a/nais/prod-gcp/nais.yaml b/nais/prod-gcp/nais.yaml
index 3e6d058..4465319 100644
--- a/nais/prod-gcp/nais.yaml
+++ b/nais/prod-gcp/nais.yaml
@@ -14,6 +14,7 @@ spec:
     enabled: true
     sidecar:
       enabled: true
+      level: Level3
   image: {{version}}
   port: 8080
   liveness:
diff --git a/src/main/kotlin/no/nav/tms/varsel/api/varselApi.kt b/src/main/kotlin/no/nav/tms/varsel/api/varselApi.kt
index 50c3e7a..a51da8b 100644
--- a/src/main/kotlin/no/nav/tms/varsel/api/varselApi.kt
+++ b/src/main/kotlin/no/nav/tms/varsel/api/varselApi.kt
@@ -20,6 +20,7 @@ import io.micrometer.prometheus.PrometheusMeterRegistry
 import kotlinx.serialization.json.Json
 import mu.KotlinLogging
 import no.nav.tms.token.support.authentication.installer.installAuthenticators
+import no.nav.tms.token.support.idporten.sidecar.LoginLevel
 import no.nav.tms.token.support.idporten.sidecar.user.IdportenUserFactory
 import no.nav.tms.token.support.tokendings.exchange.TokenXHeader
 import no.nav.tms.token.support.tokenx.validation.TokenXAuthenticator
@@ -40,6 +41,7 @@ fun Application.varselApi(
                 setAsDefault = true
                 rootPath = ROOT_PATH
                 inheritProjectRootPath = false
+                loginLevel = LoginLevel.LEVEL_3
             }
             installTokenXAuth {
                 setAsDefault = false
diff --git a/src/test/kotlin/no/nav/tms/varsel/api/VarselRoutesTest.kt b/src/test/kotlin/no/nav/tms/varsel/api/VarselRoutesTest.kt
index f3192db..53d478c 100644
--- a/src/test/kotlin/no/nav/tms/varsel/api/VarselRoutesTest.kt
+++ b/src/test/kotlin/no/nav/tms/varsel/api/VarselRoutesTest.kt
@@ -173,6 +173,39 @@ class VarselRoutesTest {
 
     }
 
+    @Test
+    fun `Henter aktive varsler for nivå 3`() = testApplication {
+        setupEventhandlerService(VarselTestData.varsel(type = VarselType.BESKJED, isMasked = true),
+            VarselTestData.varsel(type = VarselType.OPPGAVE, isMasked = true)
+        )
+        mockVarselApi(
+            varselConsumer = setupVarselConsumer(),
+            authMockInstaller = installIdportenAuthenticatedMock(IdportenSecurityLevel.LEVEL_3)
+        )
+
+        client.get("/tms-varsel-api/aktive") {
+            header(
+                TokenXHeader.Authorization,
+                "tokenxtoken"
+            )
+        }.status shouldBe HttpStatusCode.Unauthorized
+
+        val response = client.get("/tms-varsel-api/aktive")
+        response.status shouldBe HttpStatusCode.OK
+
+        val aktiveVarsler = Json.decodeFromString<AktiveVarsler>(response.bodyAsText())
+        aktiveVarsler.beskjeder.size shouldBe 1
+        aktiveVarsler.oppgaver.size shouldBe 1
+        aktiveVarsler.innbokser.size shouldBe 0
+
+        (aktiveVarsler.beskjeder+ aktiveVarsler.oppgaver).forEach {
+            it.isMasked shouldBe true
+            it.tekst shouldBe null
+            it.link shouldBe null
+        }
+
+    }
+
     @Test
     fun `Henter antall aktive varsler`() {
         val varsler = listOf(
@@ -231,7 +264,7 @@ class VarselRoutesTest {
             varselConsumer = setupVarselConsumer(),
             authMockInstaller = installIdportenAuthenticatedMock(IdportenSecurityLevel.LEVEL_4)
         )
-        client.post("/tms-varsel-api/beskjed/inaktiver"){
+        client.post("/tms-varsel-api/beskjed/inaktiver") {
             header(HttpHeaders.ContentType, ContentType.Application.Json)
             setBody("""{"eventId": "$expeectedEventId"}""")
         }.status shouldBe HttpStatusCode.OK
diff --git a/src/test/kotlin/no/nav/tms/varsel/api/varselTestData.kt b/src/test/kotlin/no/nav/tms/varsel/api/varselTestData.kt
index b7b50aa..16cc896 100644
--- a/src/test/kotlin/no/nav/tms/varsel/api/varselTestData.kt
+++ b/src/test/kotlin/no/nav/tms/varsel/api/varselTestData.kt
@@ -47,8 +47,8 @@ object VarselTestData {
         type = type,
         eventId = eventId,
         forstBehandlet = forstBehandlet,
-        tekst = tekst,
-        link = link,
+        tekst = if (isMasked) null else tekst,
+        link = if(isMasked) null else link,
         isMasked = isMasked,
         sikkerhetsnivaa = sikkerhetsnivaa,
         sistOppdatert = sistOppdatert,
@@ -75,6 +75,11 @@ fun TestApplicationBuilder.mockVarselApi(
     }
 }
 
+
+fun ApplicationTestBuilder.setupEventhandlerService(vararg varsler: Varsel) = setupEventhandlerService(
+    aktiveVarslerFromEventHandler = varsler.toList()
+)
+
 fun ApplicationTestBuilder.setupEventhandlerService(
     aktiveVarslerFromEventHandler: List<Varsel> = emptyList(),
     inaktiveVarslerFromEventHandler: List<Varsel> = emptyList(),