diff --git a/serverless.yml b/serverless.yml
index fca14a5..5748317 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -271,7 +271,7 @@ functions:
 events:
 - httpApi:
- path: /minglaradmin/prepopulate-teammate
+ path: /minglaradmin/prepopulate-Roles
 method: get
diff --git a/src/modules/minglaradmin/handlers/prepopulateTeammate.ts b/src/modules/minglaradmin/handlers/prepopulateTeammate.ts
index 4d96ebe..142fdd5 100644
--- a/src/modules/minglaradmin/handlers/prepopulateTeammate.ts
+++ b/src/modules/minglaradmin/handlers/prepopulateTeammate.ts
@@ -1,52 +1,85 @@ -import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda'; +import { + APIGatewayProxyEvent, + APIGatewayProxyResult, + Context, +} from 'aws-lambda'; import { safeHandler } from '../../../common/utils/handlers/safeHandler'; import { PrismaService } from '../../../common/database/prisma.service'; import ApiError from '../../../common/utils/helper/ApiError'; import { ROLE } from '../../../common/utils/constants/common.constant'; +import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin'; const prismaService = new PrismaService(); /** * Get prepopulated roles for Coadmin and Account_manager * Returns an array of role objects with their IDs + * Only accessible by MINGLAR_ADMIN (role_xid = 1) */ -export const handler = safeHandler(async ( - event: APIGatewayProxyEvent, - context?: Context -): Promise => { +export const handler = safeHandler( + async ( + event: APIGatewayProxyEvent, + context?: Context, + ): Promise => { + const token = + event.headers['x-auth-token'] || event.headers['X-Auth-Token']; + if (!token) { + throw new ApiError( + 401, + 'This is a protected route. Please provide a valid token.', + ); + } + + // Verify token and get user info + const userInfo = await verifyMinglarAdminToken(token); + console.log('User Info:', userInfo); + // Check if user has Minglar Admin role (role_xid = 1) + const user = await prismaService.user.findUnique({ + where: { id: userInfo.id }, + select: { roleXid: true }, + }); + + if (!user || user.roleXid !== ROLE.MINGLAR_ADMIN) { + throw new ApiError( + 403, + 'Access denied. 
Only Minglar Admin can access this route.', + ); + } + // Fetch Coadmin and Account_Manager roles const roles = await prismaService.roles.findMany({ - where: { - id: { - in: [ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER] - }, - isActive: true, - deletedAt: null + where: { + id: { + in: [ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER], }, - select: { - id: true, - roleName: true - }, - orderBy: { - id: 'asc' - } + isActive: true, + deletedAt: null, + }, + select: { + id: true, + roleName: true, + }, + orderBy: { + id: 'asc', + }, }); if (!roles || roles.length === 0) { - throw new ApiError(404, 'No roles found for Coadmin or Account_manager'); + throw new ApiError(404, 'No roles found for Coadmin or Account_manager'); } return { - statusCode: 200, - headers: { - 'Content-Type': 'application/json', - 'Access-Control-Allow-Origin': '*', - }, - body: JSON.stringify({ - success: true, - message: 'Roles retrieved successfully', - data: roles, - count: roles.length - }), + statusCode: 200, + headers: { + 'Content-Type': 'application/json', + 'Access-Control-Allow-Origin': '*', + }, + body: JSON.stringify({ + success: true, + message: 'Roles retrieved successfully', + data: roles, + count: roles.length, + }), }; -}); + }, +);
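Review bot: The added `console.log('User Info:', userInfo);` directly after `verifyMinglarAdminToken` writes the decoded token claims to CloudWatch on every request, so whatever the verifier returns (user id, e-mail, possibly the whole payload — its shape is not visible in this hunk) lands in logs that are usually readable by far more people than the `user` table the role check then consults. Drop the line, or log only an identifier: `console.log('prepopulate roles: authenticated user', userInfo.id);`. Since the same header read, token verification, `roleXid` lookup and 403 will be needed on every `/minglaradmin` route, consider moving that block into a shared helper or an HTTP API Lambda authorizer so the admin check cannot be forgotten on the next handler. The `'Access-Control-Allow-Origin': '*'` header is carried over unchanged; it is tolerable while auth is a custom `x-auth-token` header that browsers will not send cross-origin without a preflight, but it should be tightened if this admin endpoint ever moves to cookie-based auth.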