diff --git a/.gitignore b/.gitignore
index 584df56..37acb9a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 banned_numbers.js
 mixpanel_config.js
+authbox_config.js
 keys.json
 
 *.swp
diff --git a/package.json b/package.json
index 6a37296..296d393 100644
--- a/package.json
+++ b/package.json
@@ -6,11 +6,12 @@
     }
   , "dependencies": {
       "express": "~3.5.1"
+      , "authbox": "^0.9.2"
       , "jade": "~0.14.2"
+      , "mixpanel": "~0.0.19"
       , "nodemailer": "~0.6.1"
       , "redis-url": "~0.2.0"
       , "underscore": "~1.6.0"
-      , "mixpanel": "~0.0.19"
     }
   , "devDependencies": {
     }
diff --git a/server/app.js b/server/app.js
index 448b6e4..40f1674 100644
--- a/server/app.js
+++ b/server/app.js
@@ -1,14 +1,23 @@
 var express = require('express')
   , app = express()
   , _ = require('underscore')
+  , authbox = require('authbox')
+  , crypto = require('crypto')
+  , exec = require('child_process').exec
   , fs = require('fs')
   , mixpanel = require('mixpanel')
-  , exec = require('child_process').exec
-  , spawn = require('child_process').spawn
-  , Stream = require('stream')
   , redis = require('redis-url').connect()
+  , spawn = require('child_process').spawn
   , text = require('../lib/text');
 
+// Express config
+app.set('views', __dirname + '/views');
+app.set('view engine', 'jade');
+
+app.use(express.cookieParser());
+app.use(express.static(__dirname + '/public'));
+app.use(express.bodyParser());
+
 // Enable log messages when sending texts.
 text.debug(true);
 
@@ -21,7 +30,8 @@ try {
 }
 
 var mpq
-  , mixpanel_config;
+  , mixpanel_config
+  , authbox_config;
 try {
   mixpanel_config = require('./mixpanel_config.js');
   mpq = new mixpanel.Client(mixpanel_config.api_key);
@@ -29,6 +39,14 @@ try {
   mpq = {track: function() {}};
 }
 
+try {
+  authbox_config = require('./authbox_config.js');
+  authbox.configure(authbox_config);
+  app.use(authbox.middleware);
+} catch(e) {
+  authbox = {log: function() {}};
+}
+
 var access_keys;
 try {
   // Optionally, you may specify special access keys in a keys.json file.
@@ -39,14 +57,6 @@ try {
   access_keys = {};
 }
 
-// Express config
-app.set('views', __dirname + '/views');
-app.set('view engine', 'jade');
-
-app.use(express.cookieParser());
-app.use(express.static(__dirname + '/public'));
-app.use(express.bodyParser());
-
 // App routes
 app.get('/', function(req, res) {
   fs.readFile(__dirname + '/views/index.html', 'utf8', function(err, text){
@@ -79,13 +89,34 @@ app.post('/intl', function(req, res) {
 // App helper functions
 
 function textRequestHandler(req, res, number, region, key) {
+  var authbox_details = {
+    $actionName: 'text'
+  };
+
   if (!number || !req.body.message) {
     mpq.track('incomplete request');
+    authbox.log(req, _.extend(authbox_details, {$failureReason: 'incomplete_request'}));
     res.send({success:false, message:'Number and message parameters are required.'});
     return;
   }
+
+  var message = req.body.message;
+  if (message.indexOf(':') > -1) {
+    // Handle problem with vtext where message would not get sent properly if it
+    // contains a colon.
+    message = ' ' + message;
+  }
+
+  shasum.update(number);
+  var authbox_digest = shasum.digest('hex');
+  _.extend(authbox_details, {
+    recipient: number,
+    message__text: message
+  });
+
   if (banned_numbers.BLACKLIST[number]) {
     mpq.track('banned number');
+    authbox.log(req, _.extend(authbox_details, {$failureReason: 'banned_number'}));
     res.send({success:false,message:'Sorry, texts to this number are disabled.'});
     return;
   }
@@ -95,13 +126,6 @@ function textRequestHandler(req, res, number, region, key) {
     ip = req.header('X-Real-IP');
   }
 
-  var message = req.body.message;
-  if (message.indexOf(':') > -1) {
-    // Handle problem with vtext where message would not get sent properly if it
-    // contains a colon
-    message = ' ' + message;
-  }
-
   var tracking_details = {
     number: number,
     message: req.body.message,
@@ -115,6 +139,7 @@ function textRequestHandler(req, res, number, region, key) {
     text.send(number, message, region, function(err) {
       if (err) {
         mpq.track('sendText failed', tracking_details);
+        authbox.log(req, _.extend(authbox_details, {$failureReason: 'gateway_failed'}));
         res.send(_.extend(response_obj,
                           {
                             success:false,
@@ -123,6 +148,7 @@ function textRequestHandler(req, res, number, region, key) {
       }
       else {
         mpq.track('sendText success', tracking_details);
+        authbox.log(req, _.extend(authbox_details, {$success: true}));
         res.send(_.extend(response_obj, {success:true}));
       }
     });
@@ -160,6 +186,7 @@ function textRequestHandler(req, res, number, region, key) {
     }, 1000*60*3);
     if (num > 3) {
       mpq.track('exceeded phone quota');
+      authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_phone_quota'}));
       res.send({success:false, message:'Exceeded quota for this phone number. ' + number});
       return;
     }
@@ -173,6 +200,7 @@ function textRequestHandler(req, res, number, region, key) {
       }
       if (num > 75) {
         mpq.track('exceeded ip quota');
+        authbox.log(req, _.extend(authbox_details, {$failureReason: 'exceeded_ip_quota'}));
         res.send({success:false, message:'Exceeded quota for this IP address. ' + ip});
         return;
       }
diff --git a/server/authbox_config_example.js b/server/authbox_config_example.js
new file mode 100644
index 0000000..ac1607d
--- /dev/null
+++ b/server/authbox_config_example.js
@@ -0,0 +1,4 @@
+module.exports = {
+  apiKey: 'foobar',
+  secretKey: '1234567'
+};