diff --git a/src/controller/controller_api.cpp b/src/controller/controller_api.cpp
index fcbe8e6e..747a6135 100644
--- a/src/controller/controller_api.cpp
+++ b/src/controller/controller_api.cpp
@@ -319,6 +319,7 @@ int Controller::handleAPIConnection(Socket::Connection & conn){
   //set up defaults
   unsigned int logins = 0;
   bool authorized = false;
+  bool isLocal = false;
   HTTP::Parser H;
   //while connected and not past login attempt limit
   while (conn && logins < 4){
@@ -326,6 +327,7 @@ int Controller::handleAPIConnection(Socket::Connection & conn){
       //Are we local and not forwarded? Instant-authorized.
       if (!authorized && !H.hasHeader("X-Real-IP") && conn.isLocal()){
         MEDIUM_MSG("Local API access automatically authorized");
+        isLocal = true;
         authorized = true;
       }
       #ifdef NOAUTH
@@ -404,6 +406,7 @@ int Controller::handleAPIConnection(Socket::Connection & conn){
         //if already authorized, do not re-check for authorization
         if (authorized && Storage["account"]){
           Response["authorize"]["status"] = "OK";
+          if (isLocal){Response["authorize"]["local"] = true;}
         }else{
           authorized |= authorize(Request, Response, conn);
         }
@@ -454,7 +457,9 @@ void Controller::handleUDPAPI(void * np){
       JSON::Value Response;
       if (Request.isObject()){
         tthread::lock_guard<tthread::mutex> guard(configMutex);
+        Response["authorize"]["local"] = true;
         handleAPICommands(Request, Response);
+        Response.removeMember("authorize");
         uSock.SendNow(Response.toString());
       }else{
         WARN_MSG("Invalid API command received over UDP: %s", uSock.data);
@@ -953,6 +958,22 @@ void Controller::handleAPICommands(JSON::Value & Request, JSON::Value & Response
     Response["api_endpoint"] = url.getUrl();
   }
 
+  if (Request.isMember("shutdown")){
+    if (Response.isMember("authorize") && Response["authorize"].isMember("local")){
+      std::string reason;
+      if (Request["shutdown"].isObject() || Request["shutdown"].isArray()){
+        reason = Request["shutdown"].toString();
+      }else{
+        reason = Request["shutdown"].asString();
+      }
+      WARN_MSG("Shutdown requested through local API: %s", reason.c_str());
+      Controller::conf.is_active = false;
+      Response["shutdown"] = "Shutting down";
+    }else{
+      Response["shutdown"] = "Ignored - only local users may request shutdown";
+    }
+  }
+
   if (Request.isMember("invalidate_sessions")){
     if (Request["invalidate_sessions"].isArray()){
       for (unsigned int i = 0; i < Request["invalidate_sessions"].size(); ++i){