diff --git a/src/handler/server.go b/src/handler/server.go
index 77dd799bc54218011550cddf9d7f20e605b2ff01..4b34c201df6715067b56804f09271fb26587a591 100644
--- a/src/handler/server.go
+++ b/src/handler/server.go
@@ -59,7 +59,7 @@ func (s *Service) InitializeRoutes() *echo.Echo {
 	s.DosbingBimbinganLogHandler.MountDosbing(dosbingGroup)
 
 	TIMTAGroup := e.Group("api/TIMTA")
-	TIMTAGroup.Use(middleware.Validator("TIM_TA"))
+	TIMTAGroup.Use(middleware.Validator("S1_TIM_TA"))
 	s.TIMTASchedulingHandler.MountTIMTA(TIMTAGroup)
 	s.TIMTAPendaftaranSidSemHandler.MountTIMTA(TIMTAGroup)
 	return e
diff --git a/src/middleware/validator.go b/src/middleware/validator.go
index 629a505f4c48ffd7e849d67a0e3b534d34213ddd..41caab8b8603d497d599f3a469a7eaf89abf8254 100644
--- a/src/middleware/validator.go
+++ b/src/middleware/validator.go
@@ -1,6 +1,7 @@
 package middleware
 
 import (
+	"encoding/json"
 	"net/http"
 	"os"
 
@@ -8,8 +9,6 @@ import (
 	"gitlab.informatika.org/k-01-11/graduit-be/src/utils"
 )
 
-// masih mentah baru raba2
-
 func Validator(expectedRole string) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@@ -37,10 +36,21 @@ func Validator(expectedRole string) echo.MiddlewareFunc {
 			}
 			defer resp.Body.Close()
 
+			var payload utils.Payload
+			if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+				return c.JSON(http.StatusInternalServerError, utils.ResponseDetailOutput(false, http.StatusInternalServerError, "Failed to decode response body", err))
+			}
+
+			if payload.Roles[0] != expectedRole {
+				return c.JSON(http.StatusForbidden, utils.ResponseDetailOutput(false, http.StatusForbidden, "Forbidden", err))
+			}
+
 			if resp.StatusCode != http.StatusOK {
 				return c.JSON(resp.StatusCode, utils.ResponseDetailOutput(false, resp.StatusCode, "Unauthorized", resp.Body))
 			}
 
+			c.Set("authPayload", payload)
+
 			return next(c)
 		}
 	}
diff --git a/src/utils/helper.go b/src/utils/helper.go
index 0ae531c46878955dcef292d40b33eda556c50401..9ff781904c495e409efcd9a58cb18ec8e7e5a909 100644
--- a/src/utils/helper.go
+++ b/src/utils/helper.go
@@ -18,13 +18,22 @@ type ResponseDetail struct {
 }
 
 type PageLimitSearchID struct {
-	Page int
-	Limit int
-	Search string
-	ID string
+	Page    int
+	Limit   int
+	Search  string
+	ID      string
 	Periode string
 }
 
+type Payload struct {
+	ID     string
+	Nama   string
+	Email  string
+	NIM    string
+	Roles  []string
+	Kontak string
+}
+
 func ResponseDetailOutput(success bool, code int, message string, data interface{}) ResponseDetail {
 	res := ResponseDetail{
 		Success: success,
@@ -107,4 +116,4 @@ func GetPageLimitSearchID(urlValues url.Values) (output PageLimitSearchID, err e
 	}
 
 	return *param, nil
-}
\ No newline at end of file
+}