diff --git a/src/routes/settings.js b/src/routes/settings.js
index d7681ed97..64c9ba961 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
@@ -1,8 +1,11 @@
 'use strict';
 
 exports = module.exports = {
-    set: set,
-    get: get
+    set,
+    get,
+
+    // owner only settings
+    setBackupConfig
 };
 
 var assert = require('assert'),
@@ -276,7 +279,6 @@ function set(req, res, next) {
 
     switch (req.params.setting) {
     case settings.DYNAMIC_DNS_KEY: return setDynamicDnsConfig(req, res, next);
-    case settings.BACKUP_CONFIG_KEY: return setBackupConfig(req, res, next);
     case settings.PLATFORM_CONFIG_KEY: return setPlatformConfig(req, res, next);
     case settings.EXTERNAL_LDAP_KEY: return setExternalLdapConfig(req, res, next);
     case settings.UNSTABLE_APPS_KEY: return setUnstableAppsConfig(req, res, next);
diff --git a/src/server.js b/src/server.js
index dceb7d562..0124eab77 100644
--- a/src/server.js
+++ b/src/server.js
@@ -238,6 +238,7 @@ function initializeExpressSync() {
 
     // settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
     router.get ('/api/v1/settings/:setting', token, authorizeAdmin, routes.settings.get);
+    router.post('/api/v1/settings/backup_config', token, authorizeOwner, routes.settings.setBackupConfig);
     router.post('/api/v1/settings/:setting', token, authorizeAdmin, (req, res, next) => {
         return req.params.setting === 'cloudron_avatar' ? multipart(req, res, next) : next();
     }, routes.settings.set);