diff --git a/routes/application.py b/routes/application.py
index 93e8f07..6c512a9 100644
--- a/routes/application.py
+++ b/routes/application.py
@@ -2,7 +2,8 @@ import datetime
 import os.path
 import uuid
 
-from flask import Blueprint, request
+from flask import Blueprint, request, send_file
+from flask_jwt_extended import verify_jwt_in_request
 
 import database
 from constants import APKS_PATH
@@ -13,7 +14,7 @@ application_blueprint = Blueprint('application', __name__)
 @application_blueprint.before_request
 def auth():
     API_KEY = 'AF9A20DD9264C134CDA0ADACED834368'
-    if request.headers.get('Authorization') != API_KEY:
+    if request.headers.get('Authorization') != API_KEY and (not verify_jwt_in_request(optional=True)):
         return {'error': 'Unauthorized'}, 401
 
 
@@ -26,6 +27,14 @@ def download_version(application_name: str, version: str):
             "error": f"Application version '{version}' not found."
         }, 404
 
+    file_path = os.path.join(APKS_PATH, application.filename)
+    version_safe = version.replace('.', '_')
+    print(file_path)
+    return send_file(file_path,
+                     download_name=f'{application_name}_{version_safe}.apk',
+                     as_attachment=True,
+                     mimetype='application/vnd.android.package-archive')
+
 
 @application_blueprint.get('<string:application_name>/version')
 def get_version(application_name: str):