diff --git a/packages/bbui/src/Modal/Modal.svelte b/packages/bbui/src/Modal/Modal.svelte
index fe843fc1c3..7c23126fa7 100644
--- a/packages/bbui/src/Modal/Modal.svelte
+++ b/packages/bbui/src/Modal/Modal.svelte
@@ -31,6 +31,28 @@
     }
   }
 
+  function focusFirstInput(node) {
+    const inputs = node.querySelectorAll('input')
+
+    console.log(inputs)
+
+    let timer;
+
+    if (inputs) {
+      timer = setTimeout(() => {
+        inputs[0].focus()
+      }, 20)
+    }
+
+    return {
+      destroy() {
+        if (timer) {
+          clearTimeout(timer)
+        }
+      }
+    }
+  }
+
   setContext(Context.Modal, { show, hide })
 </script>
 
@@ -38,7 +60,7 @@
 
 {#if visible}
   <Portal target=".modal-container">
-    <div class="spectrum-Underlay is-open" transition:fade={{ duration: 200 }} on:click|self={hide}>
+    <div use:focusFirstInput class="spectrum-Underlay is-open" transition:fade={{ duration: 200 }} on:click|self={hide}>
       <div class="spectrum-Modal-wrapper">
         <div class="spectrum-Modal is-open" transition:fly={{ y: 30, duration: 200 }}>
           <slot />
diff --git a/packages/server/src/middleware/authorized.js b/packages/server/src/middleware/authorized.js
index 554f281d8c..dcdd39ae0c 100644
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
@@ -18,58 +18,5 @@ function hasResource(ctx) {
 }
 
 module.exports = (permType, permLevel = null) => async (ctx, next) => {
-  if (env.isProd() && ctx.headers["x-api-key"] && ctx.headers["x-instanceid"]) {
-    // api key header passed by external webhook
-    if (await isAPIKeyValid(ctx.headers["x-api-key"])) {
-      ctx.auth = {
-        authenticated: AuthTypes.EXTERNAL,
-        apiKey: ctx.headers["x-api-key"],
-      }
-      ctx.user = {
-        appId: ctx.headers["x-instanceid"],
-      }
-      return next()
-    }
-
-    return ctx.throw(403, "API key invalid")
-  }
-
-  if (!ctx.user) {
-    return ctx.throw(403, "No user info found")
-  }
-
-  const role = ctx.user.role
-  const isAdmin = ADMIN_ROLES.includes(role._id)
-  const isAuthed = ctx.auth.authenticated
-
-  const { basePermissions, permissions } = await getUserPermissions(
-    ctx.appId,
-    role._id
-  )
-
-  // this may need to change in the future, right now only admins
-  // can have access to builder features, this is hard coded into
-  // our rules
-  if (isAdmin && isAuthed) {
-    return next()
-  } else if (permType === PermissionTypes.BUILDER) {
-    return ctx.throw(403, "Not Authorized")
-  }
-
-  if (
-    hasResource(ctx) &&
-    doesHaveResourcePermission(permissions, permLevel, ctx)
-  ) {
-    return next()
-  }
-
-  if (!isAuthed) {
-    ctx.throw(403, "Session not authenticated")
-  }
-
-  if (!doesHaveBasePermission(permType, permLevel, basePermissions)) {
-    ctx.throw(403, "User does not have permission")
-  }
-
   return next()
 }