diff --git a/lnbits/core/views/api.py b/lnbits/core/views/api.py
index 995cf9e7..c448a6ab 100644
--- a/lnbits/core/views/api.py
+++ b/lnbits/core/views/api.py
@@ -34,11 +34,12 @@ from lnbits.core.models import Payment, Wallet
 from lnbits.decorators import (
     WalletTypeInfo,
     get_key_type,
+    require_admin_user,
     require_admin_key,
     require_invoice_key,
 )
 from lnbits.helpers import url_for, urlsafe_short_hash
-from lnbits.settings import LNBITS_ADMIN_USERS, LNBITS_SITE_TITLE, WALLET
+from lnbits.settings import LNBITS_SITE_TITLE, WALLET
 from lnbits.utils.exchange_rates import (
     currencies,
     fiat_amount_as_satoshis,
@@ -84,12 +85,8 @@ async def api_wallet(wallet: WalletTypeInfo = Depends(get_key_type)):
 
 @core_app.put("/api/v1/wallet/balance/{amount}")
 async def api_update_balance(
-    amount: int, wallet: WalletTypeInfo = Depends(get_key_type)
+    amount: int, wallet: WalletTypeInfo = Depends(require_admin_user)
 ):
-    if wallet.wallet.user not in LNBITS_ADMIN_USERS:
-        raise HTTPException(
-            status_code=HTTPStatus.FORBIDDEN, detail="Not an admin user"
-        )
     payHash = urlsafe_short_hash()
 
     await create_payment(
@@ -687,11 +684,7 @@ async def img(request: Request, data):
 
 
 @core_app.get("/api/v1/audit")
-async def api_auditor(wallet: WalletTypeInfo = Depends(get_key_type)):
-    if wallet.wallet.user not in LNBITS_ADMIN_USERS:
-        raise HTTPException(
-            status_code=HTTPStatus.FORBIDDEN, detail="Not an admin user"
-        )
+async def api_auditor(wallet: WalletTypeInfo = Depends(require_admin_user)):
     total_balance = await get_total_balance()
     error_message, node_balance = await WALLET.status()
 
diff --git a/lnbits/decorators.py b/lnbits/decorators.py
index d4aa63ae..b8a3d37c 100644
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
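Review bot: The swapped dependency in api_update_balance (and the identical swap in api_auditor in the next hunk) does not change which key type is accepted: require_admin_user resolves the wallet through get_key_type, which from its name and the sibling require_admin_key/require_invoice_key dependencies appears to accept either an admin or an invoice key, so an admin user's invoice key still suffices to change a balance — that matches the pre-patch behaviour, but for a state-changing PUT it is worth stating explicitly. A one-line docstring on each handler would make the contract visible, e.g. `"""Credit `amount` to the caller's wallet; restricted to users listed in LNBITS_ADMIN_USERS (either key type of that user is accepted)."""`. If the intent is admin-key-only, the dependency would need to chain require_admin_key rather than get_key_type. api_update_balance's body continues past the end of the hunk.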
@@ -172,6 +172,23 @@ async def get_key_type(
 )
 
 
+async def require_admin_user(
+    r: Request,
+    api_key_header: str = Security(api_key_header), # type: ignore
+    api_key_query: str = Security(api_key_query), # type: ignore
+):
+
+    token = api_key_header or api_key_query
+    wallet = await get_key_type(r, token)
+
+    if wallet.wallet.user not in LNBITS_ADMIN_USERS:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN, detail="Not an admin user"
+        )
+    else:
+        return wallet
+
+
 async def require_admin_key(
     r: Request,
     api_key_header: str = Security(api_key_header), # type: ignore
diff --git a/lnbits/extensions/satspay/views_api.py b/lnbits/extensions/satspay/views_api.py
index 09884040..67397132 100644
--- a/lnbits/extensions/satspay/views_api.py
+++ b/lnbits/extensions/satspay/views_api.py
@@ -1,20 +1,18 @@
 import json
 from http import HTTPStatus
 
-import httpx
 from fastapi.params import Depends
 from loguru import logger
 from starlette.exceptions import HTTPException
 
-from lnbits.core.crud import get_wallet
 from lnbits.decorators import (
     WalletTypeInfo,
     get_key_type,
+    require_admin_user,
     require_admin_key,
     require_invoice_key,
 )
 from lnbits.extensions.satspay import satspay_ext
-from lnbits.settings import LNBITS_ADMIN_EXTENSIONS, LNBITS_ADMIN_USERS
 
 from .crud import (
     check_address_balance,
@@ -143,14 +141,9 @@ async def api_charge_balance(charge_id):
 @satspay_ext.post("/api/v1/themes/{css_id}")
 async def api_themes_save(
     data: SatsPayThemes,
-    wallet: WalletTypeInfo = Depends(require_invoice_key),
+    wallet: WalletTypeInfo = Depends(require_admin_user),
     css_id: str = None,
 ):
-    if LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS:
-        raise HTTPException(
-            status_code=HTTPStatus.FORBIDDEN,
-            detail="Only server admins can create themes.",
-        )
     if css_id:
         theme = await save_theme(css_id=css_id, data=data)
     else:
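Review bot: require_admin_user references LNBITS_ADMIN_USERS but this hunk adds no import of it to lnbits/decorators.py, while the api.py hunk drops its own import of that name; unless decorators.py already imports it from lnbits.settings outside the hunk, the first request through this dependency fails with a NameError rather than a clean 403, so please confirm the import exists. The `else:` after an unconditional `raise` is dead structure; `return wallet` can sit at function level, and the blank line directly under the signature should be replaced by a docstring stating that the caller must present a key for a wallet whose user is in LNBITS_ADMIN_USERS, that an empty admin list therefore rejects every caller, and that the key is resolved via get_key_type (so either key type of that user is accepted, if that is what get_key_type does — its signature starts outside the hunk). The positional `get_key_type(r, token)` call also presumes get_key_type's second parameter is the header-key slot; that is consistent with how require_admin_key appears to be written but is not visible here.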
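Review bot: The removed guard in api_themes_save was conditional — `if LNBITS_ADMIN_USERS and ...` — so with no admin users configured any invoice-key holder could save themes, whereas require_admin_user (as written in the decorators.py hunk) rejects every caller when the list is empty. That is a deliberate fail-closed tightening and the right default for a server-wide theme editor, but it is a behavioural change for deployments that never set LNBITS_ADMIN_USERS and it should be called out in the commit message or changelog rather than left implicit. The endpoint-specific detail "Only server admins can create themes." is also replaced by the generic "Not an admin user" from the shared dependency; if that wording matters to the UI, the handler could re-raise with its own message. The body of api_themes_save continues past the end of the hunk.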