diff --git a/pages/api/attendee/[slug]/project/create.ts b/pages/api/attendee/[slug]/project/create.ts
index 9409eac..f272e2d 100644
--- a/pages/api/attendee/[slug]/project/create.ts
+++ b/pages/api/attendee/[slug]/project/create.ts
@@ -18,11 +18,11 @@ export default async function handler(
                 }
             }
         });
-        if (!attendee)
+        if (!attendee){
             return res.status(400).json({
                 error: "Attendee does not exist."
             });
-
+        }
         let project = await prisma.project.create({
             data: {
                 name: req.body.name,
@@ -38,7 +38,6 @@ export default async function handler(
                 }
             }
         });
-        console.log(project);
         return res.json({
             project
         });
diff --git a/pages/api/attendee/[slug]/project/delete.ts b/pages/api/attendee/[slug]/project/delete.ts
index 6d12e4c..0008654 100644
--- a/pages/api/attendee/[slug]/project/delete.ts
+++ b/pages/api/attendee/[slug]/project/delete.ts
@@ -9,12 +9,30 @@ export default async function handler(
 ) {
     try {
         const slug = await getHackathonSlug(req.query.slug as string);
-        let project = await prisma.project.delete({
+        let attendee = await prisma.attendee.findFirst({
             where: {
-                id: req.body.id
+                tokens: {
+                    some: {
+                        token: req.cookies[slug]
+                    }
+                }
+            }
+        });
+        if (!attendee){
+            return res.status(400).json({
+                error: "Attendee does not exist."
+            });
+        }
+        await prisma.project.deleteMany({
+            where: {
+                id: req.body.id,
+                collaborators: {
+                    some: {
+                        id: attendee.id
+                    }
+                }
             }
         });
-        console.log(project);
         return res.json({
             deleted: true
         });
diff --git a/pages/api/attendee/[slug]/project/update.ts b/pages/api/attendee/[slug]/project/update.ts
index 2186526..bf1d5a0 100644
--- a/pages/api/attendee/[slug]/project/update.ts
+++ b/pages/api/attendee/[slug]/project/update.ts
@@ -13,6 +13,24 @@ export default async function handler(
         let slug = req.query.slug as string;
 
         slug = await getHackathonSlug(slug);
+        
+        let attendee = await prisma.attendee.findFirst({
+            where: {
+                tokens: {
+                    some: {
+                        token: req.cookies[slug]
+                    }
+                },
+                project: {
+                    id
+                }
+            }
+        });
+        if (!attendee){
+            return res.status(400).json({
+                error: "Attendee does not exist or is not a member of this project."
+            });
+        }
 
         let project = await prisma.project.update({
             where: {
diff --git a/pages/api/hello.ts b/pages/api/hello.ts
deleted file mode 100644
index 623d5d5..0000000
--- a/pages/api/hello.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
-import type { NextApiRequest, NextApiResponse } from "next";
-
-type Data = {
-    name: string;
-};
-
-export default function handler(
-    req: NextApiRequest,
-    res: NextApiResponse<Data>
-) {
-    res.status(200).json({ name: "John Doe" });
-}