diff --git a/router/router.go b/router/router.go
index ed3a5a9..a8bd839 100644
--- a/router/router.go
+++ b/router/router.go
@@ -70,6 +70,7 @@ func Configure() *gin.Engine {
 		server.POST("/commands", postServerCommands)
 		server.POST("/install", postServerInstall)
 		server.POST("/reinstall", postServerReinstall)
+		server.POST("/ws/deny", postServerDenyWSTokens)
 
 		// This archive request causes the archive to start being created
 		// this should only be triggered by the panel.
diff --git a/router/router_server.go b/router/router_server.go
index 2c60ea4..8b7669b 100644
--- a/router/router_server.go
+++ b/router/router_server.go
@@ -6,6 +6,7 @@ import (
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pkg/errors"
+	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 	"net/http"
 	"os"
@@ -241,3 +242,20 @@ func deleteServer(c *gin.Context) {
 
 	c.Status(http.StatusNoContent)
 }
+
+// Adds any of the JTIs passed through in the body to the deny list for the websocket
+// preventing any JWT generated before the current time from being used to connect to
+// the socket or send along commands.
+func postServerDenyWSTokens(c *gin.Context) {
+	var data struct{ JTIs []string `json:"jtis"` }
+
+	if err := c.BindJSON(&data); err != nil {
+		return
+	}
+
+	for _, jti := range data.JTIs {
+		tokens.DenyJTI(jti)
+	}
+
+	c.Status(http.StatusNoContent)
+}