diff --git a/app/Http/Middleware/ApiAuthMiddleware.php b/app/Http/Middleware/ApiAuthMiddleware.php
index bf23ea1..337c42a 100644
--- a/app/Http/Middleware/ApiAuthMiddleware.php
+++ b/app/Http/Middleware/ApiAuthMiddleware.php
@@ -4,6 +4,7 @@
 use App\Models\Application;
 use App\Models\UsageLog;
+use App\Models\WhatNowEntity;
 use Carbon\Carbon;
 use Closure;
 use Illuminate\Support\Facades\Log;
@@ -92,6 +93,22 @@ private function canAccessOrganisation(string $path, array $rules): bool
 }
 }
+ if (preg_match('#whatnow/(\d+)(?:/|$)#', $path, $matches) && !str_contains($path, 'org/')) {
+ if (isset($rules['allowed_country_code']) && is_array($rules['allowed_country_code'])) {
+ $whatnowId = $matches[1];
+
+ $entity = WhatNowEntity::with('organisation')->find($whatnowId);
+
+ if (!$entity || !$entity->organisation) {
+ return false;
+ }
+
+ if (!in_array($entity->organisation->country_code, $rules['allowed_country_code'])) {
+ return false;
+ }
+ }
+ }
+
 return true;
 }
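Review bot: The exclusion `!str_contains($path, 'org/')` on the new whatnow branch is a substring test over the whole path, so any path that merely contains `org/` anywhere skips the entity-level country check; if `$path` comes from the request, that is a bypass condition the caller influences, although whether such a path still reaches a whatnow route depends on routing not visible here. Anchoring it to a path segment, e.g. `!preg_match('#(?:^|/)org/#', $path)`, narrows it to the org routes the earlier part of this method presumably handles. The membership test should also be strict, `in_array($entity->organisation->country_code, $rules['allowed_country_code'], true)`, so a null or non-string `country_code` cannot loosely equal an allow-list entry. Note as well that the check is skipped entirely when a rule has no `allowed_country_code`, and that a `preg_match` error (which returns false) falls through to `return true` rather than failing closed. The signature and earlier body of canAccessOrganisation lie outside this hunk.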