diff --git a/webapp/backend/apiserver/controllers/userController.js b/webapp/backend/apiserver/controllers/userController.js
index 162bb7564ce90aca4b5d85550dfffc034ff20f3c..4411e1009fb04978b5b7daa1b39bf1cab9e85c76 100644
--- a/webapp/backend/apiserver/controllers/userController.js
+++ b/webapp/backend/apiserver/controllers/userController.js
@@ -184,7 +184,9 @@ exports.login = async (req, res) => {
 
 exports.getUserById = async (req, res) => {
     try {
-        const user = await User.findByPk(2, {
+        const userID = req.params.id;
+
+        const user = await User.findByPk(userID, {
             include: [{model: Profile}],
             attributes: ['userID', 'name', 'email', 'createdAt', 'updatedAt'],
         });
diff --git a/webapp/backend/apiserver/routes/user.js b/webapp/backend/apiserver/routes/user.js
index 177c77b81cc4bd426a0f441f08c1c1c5bbe8dc47..eb452e0d8c120406c6cfcf0693470d8223d1545f 100644
--- a/webapp/backend/apiserver/routes/user.js
+++ b/webapp/backend/apiserver/routes/user.js
@@ -7,7 +7,7 @@ router.post('/users', userController.signUp);
 router.post('/login', userController.login);
 router.post('/verify_email', userController.verifyEmail);
 
-router.get('/users/:id', userController.getUserById);
+router.get('/users/:id', authMiddleware, userController.getUserById);
 router.put('/users/:id', authMiddleware, userController.updateUser);
 router.delete('/users/:id', authMiddleware, userController.deleteUser);