diff --git a/app.py b/app.py
index 19410c7..f94514a 100644
--- a/app.py
+++ b/app.py
@@ -5,10 +5,12 @@ from flask import Flask, request, jsonify, send_from_directory
 app = Flask(__name__)
 app.config['UPLOAD_FOLDER'] = os.environ.get('UPLOAD_FOLDER', './uploads')
-app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024 # 5MB
+app.config['MAX_CONTENT_LENGTH'] = int(os.environ.get('MAX_CONTENT_LENGTH', '5')) * 1024 * 1024 # in MB
 VALID_FILENAME_REGEX = r'^[a-zA-Z0-9\-_\.]+$'
+UPLOAD_TOKEN = os.environ.get('UPLOAD_TOKEN')
+
 def is_valid_filename(filename):
 return bool(re.match(VALID_FILENAME_REGEX, filename))
@@ -17,6 +19,12 @@ def upload_file():
 if 'file' not in request.files:
 return jsonify({'error': 'No file part in the request'}), 400
+ if 'token' not in request.headers:
+ return jsonify({'error': 'No token supplied'}), 401
+
+ if request.headers['token'] != UPLOAD_TOKEN:
+ return jsonify({'error': 'Invalid token supplied'}), 401
+
 file = request.files['file']
 if file.filename == '':
 return jsonify({'error': 'No file selected for upload'}), 400
@@ -35,18 +43,6 @@ def download_file(filename):
 except FileNotFoundError:
 return jsonify({'error': 'File not found'}), 404
-@app.route('/list', methods=['GET'])
-def list_files():
- files = []
- total_size = 0
- for filename in os.listdir(app.config['UPLOAD_FOLDER']):
- path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
- if os.path.isfile(path):
- size = os.path.getsize(path)
- files.append({'filename': filename, 'size': size})
- total_size += size
- return jsonify({'files': files, 'count': len(files), 'total_size': total_size})
-
 if __name__ == '__main__':
 app.run(debug=True, host='0.0.0.0', port=int(os.environ.get('PORT', 5000)))
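Review bot: `UPLOAD_TOKEN` is read from the environment with no check that it is set and non-empty, so a misconfigured deployment is only discovered at request time. When the variable is unset the value is None and the later `!=` comparison rejects every upload, but an empty string would be matched by a request that sends an empty `token` header. Fail at startup instead, right after the assignment: `if not UPLOAD_TOKEN: raise RuntimeError('UPLOAD_TOKEN must be set')`. The context at the end of this diff also shows `app.run(debug=True, host='0.0.0.0', ...)`; the interactive debugger is not covered by the token check, so debug mode should be off wherever this listener is reachable.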
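Review bot: The token check in upload_file compares with `!=`, which is not constant-time, and it sits after the `'file' not in request.files` check, so an unauthenticated caller gets a 400 about the form before any 401. Move both token checks to the top of the handler and, once `UPLOAD_TOKEN` is known to be a non-empty string, compare with `hmac.compare_digest(request.headers['token'].encode(), UPLOAD_TOKEN.encode())`. That needs `import hmac` in the import block, which is outside this hunk, as are the start and end of upload_file. The visible context of download_file shows no equivalent check, so confirm that downloads are meant to stay unauthenticated.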