diff --git a/api.config.yaml b/api.config.yaml
index b4d2fef..2c8bc75 100644
--- a/api.config.yaml
+++ b/api.config.yaml
@@ -2,6 +2,7 @@ api:
   enabled: true
   host: admin.domain.com
   port: 8085
+  insecure: true # this have to be enabled if you want to run api on HTTP (NOT RECOMMENDED)
 
 database:
   path: "./auth.db"
diff --git a/internal/config/api.config.go b/internal/config/api.config.go
index e9909f3..d5aebe8 100644
--- a/internal/config/api.config.go
+++ b/internal/config/api.config.go
@@ -12,6 +12,7 @@ type APIConfig struct {
 	AdminAPI      API            `yaml:"api"`
 	AdminDatabase DatabaseConfig `yaml:"database"`
 	AdminAuth     AuthConfig     `yaml:"auth"`
+	Insecure      bool           `yaml:"insecure"`
 }
 
 type API struct {
diff --git a/internal/server/server.go b/internal/server/server.go
index 47f313e..1f98371 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -283,6 +283,10 @@ func (s *Server) startAdminServer() error {
 			cert = &c
 		}
 
+	} else if !s.apiConfig.Insecure {
+		return errors.New(
+			"TLS not configured and Insecure mode is disabled. If you want to run api on HTTP, set 'insecure' to true",
+		)
 	}
 
 	adminAddr := fmt.Sprintf(":%d", s.servicePort(s.apiConfig.AdminAPI.Port))