You could also define a separate pipeline for the authenticated endpoints:
defmodule MyApp.Router do use MyApp.Web, :router pipeline :admin do plug :accepts, ["html"] plug Authentication # this represents some plug that provides authentication end scope "/", MyApp do pipe_through :browser resources "/things", ThingController end scope "/admin", MyApp do pipe_through :admin resources "/admin/things", Admin.ThingsController endendThe admin scope is just an example, it can be anything you like, but the pipeline idea remains consistent.
This technique will keep your controllers cleaner, but is not always possible. It depends on your exact requirements.