diff --git a/.env.example b/.env.example
index fdbfe9b0..534da9fb 100644
--- a/.env.example
+++ b/.env.example
@@ -13,3 +13,4 @@ VUE_APP_INITIAL_JOB_TYPES={"JOB_IMP_PROD_NEW_BLK":"products","JOB_IMP_ORD_BLK":"
 VUE_APP_BASE_URL=
 VUE_APP_BATCH_JOB_ENUMS={"JOB_BKR_ORD_UNF":{"id":"JOB_BKR_ORD_UNF","facilityId":"_NA_","unfillable": true},"JOB_BKR_ORD":{"id": "JOB_BKR_ORD","facilityId":"_NA_","unfillable": false},"JOB_BKR_PREORD_UNF":{"id":"JOB_BKR_PREORD_UNF","facilityId":"PRE_ORDER_PARKING","unfillable":true},"JOB_BKR_PREORD":{"id":"JOB_BKR_PREORD","facilityId":"PRE_ORDER_PARKING","unfillable":false},"JOB_BKR_BACKORD_UNF":{"id":"JOB_BKR_BACKORD_UNF","facilityId":"BACKORDER_PARKING","unfillable":true},"JOB_BKR_BACKORD":{"id":"JOB_BKR_BACKORD","facilityId":"BACKORDER_PARKING","unfillable":false}}
 VUE_APP_WEBHOOK_ENUMS={"NEW_PRODUCTS":"products/create","DELETE_PRODUCTS":"products/update","NEW_ORDERS":"orders/create","CANCELLED_ORDERS":"orders/cancelled","PAYMENT_STATUS":"orders/paid","RETURNS":"","BULK_OPERATIONS_FINISH":"bulk_operations/finish"}
+VUE_APP_PERMISSION_ID=
diff --git a/src/api/index.ts b/src/api/index.ts
index bf74bc4f..b3661a7a 100644
--- a/src/api/index.ts
+++ b/src/api/index.ts
@@ -106,11 +106,8 @@ const api = async (customConfig: any) => {
         }
     }
 
-    let baseURL = process.env.VUE_APP_BASE_URL;
-    if (!baseURL) {
-        baseURL = store.getters['user/getInstanceUrl'];
-        baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
-    }
+    let baseURL = store.getters['user/getInstanceUrl'];
+    baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
     if (baseURL) config.baseURL = baseURL;
 
     if(customConfig.cache) config.adapter = axiosCache.adapter;
diff --git a/src/services/UserService.ts b/src/services/UserService.ts
index 486ea3c5..72cfcc2a 100644
--- a/src/services/UserService.ts
+++ b/src/services/UserService.ts
@@ -1,4 +1,5 @@
-import api from '@/api'
+import api, {client} from '@/api'
+import store from '@/store';
 
 const login = async (username: string, password: string): Promise <any> => {
   return api({
@@ -11,6 +12,17 @@ const login = async (username: string, password: string): Promise <any> => {
   });
 }
 
+const checkPermission = async (payload: any): Promise <any>  => {
+  let baseURL = store.getters['user/getInstanceUrl'];
+  baseURL = baseURL && baseURL.startsWith('http') ? baseURL : `https://${baseURL}.hotwax.io/api/`;
+  return client({
+    url: "checkPermission",
+    method: "post",
+    baseURL: baseURL,
+    ...payload
+  });
+}
+
 const getProfile = async (): Promise <any>  => {
     return api({
       url: "user-profile", 
@@ -109,5 +121,6 @@ export const UserService = {
     setUserTimeZone,
     updatePinnedJobPref,
     setUserPreference,
-    getUserPreference
+    getUserPreference,
+    checkPermission
 }
\ No newline at end of file
diff --git a/src/store/modules/user/actions.ts b/src/store/modules/user/actions.ts
index 3020549d..5798e28e 100644
--- a/src/store/modules/user/actions.ts
+++ b/src/store/modules/user/actions.ts
@@ -17,9 +17,37 @@ const actions: ActionTree<UserState, RootState> = {
       const resp = await UserService.login(username, password)
       if (resp.status === 200 && resp.data) {
         if (resp.data.token) {
+          const permissionId = process.env.VUE_APP_PERMISSION_ID;
+          if (permissionId) {
+            const checkPermissionResponse = await UserService.checkPermission({
+              data: {
+                permissionId
+              },
+              headers: {
+                Authorization:  'Bearer ' + resp.data.token,
+                'Content-Type': 'application/json'
+              }
+            });
+
+            if (checkPermissionResponse.status === 200 && !hasError(checkPermissionResponse) && checkPermissionResponse.data && checkPermissionResponse.data.hasPermission) {
+              commit(types.USER_TOKEN_CHANGED, { newToken: resp.data.token })
+              dispatch('getProfile')
+              if (resp.data._EVENT_MESSAGE_ && resp.data._EVENT_MESSAGE_.startsWith("Alert:")) {
+              // TODO Internationalise text
+                showToast(translate(resp.data._EVENT_MESSAGE_));
+              }
+              return resp.data;
+            } else {
+              const permissionError = 'You do not have permission to access the app.';
+              showToast(translate(permissionError));
+              console.error("error", permissionError);
+              return Promise.reject(new Error(permissionError));
+            }
+          } else {
             commit(types.USER_TOKEN_CHANGED, { newToken: resp.data.token })
             await dispatch('getProfile')
             return resp.data;
+          }
         } else if (hasError(resp)) {
           showToast(translate('Sorry, your username or password is incorrect. Please try again.'));
           console.error("error", resp.data._ERROR_MESSAGE_);
diff --git a/src/store/modules/user/getters.ts b/src/store/modules/user/getters.ts
index b57780f4..19b5497f 100644
--- a/src/store/modules/user/getters.ts
+++ b/src/store/modules/user/getters.ts
@@ -16,7 +16,8 @@ const getters: GetterTree <UserState, RootState> = {
         return state.current
     },
     getInstanceUrl (state) {
-        return state.instanceUrl;
+        const baseUrl = process.env.VUE_APP_BASE_URL;
+        return baseUrl ? baseUrl : state.instanceUrl;
     },
     getCurrentShopifyConfigId (state) {
         return state.currentShopifyConfigId;