diff --git a/log/log.txt b/log/log.txt
index 60cec3f..e38ff62 100644
--- a/log/log.txt
+++ b/log/log.txt
@@ -1,16 +1,16 @@
-(n-a) - [14.10.2018 12:35:19] - 400 NoArguments - 2.01ms - (none)
-(n-a) - [14.10.2018 12:35:19] - 400 NoArguments - 0.73ms - (none)
-(n-a) - [14.10.2018 12:35:19] - 400 MissingMethod - 1.23ms - (none)
-(n-a) - [14.10.2018 12:35:19] - 400 MissingMethod - 0.04ms - (none)
-(n-a) - [14.10.2018 12:35:19] - 400 MissingMethod - 0.06ms - (none)
-(n-a) - [14.10.2018 12:35:19] - 400 BadMethod - 0.06ms - someNonExistentMockFunction()
-(n-a) - [14.10.2018 12:35:19] - 400 BadMethod - 0.05ms - someNonExistentMockFunction()
-(n-a) - [14.10.2018 12:35:19] - 400 TooFewArgs - 0.85ms - someMockFunction()
-(n-a) - [14.10.2018 12:35:19] - 400 TooFewArgs - 0.18ms - someMockFunction(val)
-(n-a) - [14.10.2018 12:35:19] - 400 TooManyArgs - 0.15ms - someMockFunction(val, val, val, val)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someMockFunction(val, val)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someMockFunction(val, val, val)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someMockFunction(val, val, val)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someOtherMockFunction(one, two, threeOpt)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someOtherMockFunction(two, threeOpt, one)
-(n-a) - [14.10.2018 12:35:19] - 200  - 0.03ms - someOtherMockFunction(two, threeOpt, one)
+(n-a) - [04.12.2018 23:25:12] - 400 NoArguments - 1.29ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 NoArguments - 1.13ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 MissingMethod - 0.91ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 MissingMethod - 0.07ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 MissingMethod - 0.05ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 BadMethod - 0.06ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 BadMethod - 0.06ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 TooFewArgs - 0.91ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 TooFewArgs - 0.23ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 400 TooManyArgs - 0.28ms - (none)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.05ms - someMockFunction(val, val)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.05ms - someMockFunction(val, val, val)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.04ms - someMockFunction(val, val, val)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.04ms - someOtherMockFunction(one, two, threeOpt)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.05ms - someOtherMockFunction(two, threeOpt, one)
+(n-a) - [04.12.2018 23:25:12] - 200  - 0.06ms - someOtherMockFunction(two, threeOpt, one)
diff --git a/src/Webservice/Exception/ConfigException.php b/src/Webservice/Exception/ConfigException.php
new file mode 100644
index 0000000..2b416db
--- /dev/null
+++ b/src/Webservice/Exception/ConfigException.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace Bsr\Webservice\Exception;
+
+/**
+ * This exception should be raised by the WebService engine when
+ * there is an error in the provided configuration information.
+ *
+ * @package Bsr\Webservice\Exception
+ */
+class ConfigException extends \Exception {
+}
diff --git a/src/Webservice/WebService.php b/src/Webservice/WebService.php
index acd3a8c..6fca314 100644
--- a/src/Webservice/WebService.php
+++ b/src/Webservice/WebService.php
@@ -3,6 +3,7 @@
 namespace Bsr\Webservice;
 
 use Bsr\Webservice\Exception\UsageException;
+use Bsr\Webservice\Exception\ConfigException;
 use Bsr\Webservice\Exception\WebException;
 use Bsr\Utils\Configuration\Configuration;
 use Bsr\Utils\Logger\Logger;
@@ -91,19 +92,33 @@ abstract class WebService
 
         $params = $this->filterParams($params);
 
+        $this->isAllowedMethodNameOrThrow($params["func"]);
+
         $this->func = $params["func"];
         unset($params['func']);
 
+        $this->paramsMatchMethodDeclarationOrThrow($params);
+
         Logger::info(array(
             'func' => $this->func.'('.implode(', ', $params).')',
         ));
 
+        return call_user_func_array(array($this, $this->func), $params);
+    }
+
+    /**
+     * Verify that the provided params match the declaration of the requested method
+     * @param array $params
+     * @throws UsageException
+     */
+    protected function paramsMatchMethodDeclarationOrThrow($params)
+    {
         if (!is_callable(array($this, $this->func))) {
-            throw new UsageException("BadMethod", "Method {$this->func} does not exists.", UsageException::BAD_METHOD);
+            throw new UsageException("BadMethod", "Method {$this->func} does not exist.", UsageException::BAD_METHOD);
         }
 
-        $rm = new \ReflectionMethod($this, $this->func);
         $nbParams = count($params);
+        $rm = new \ReflectionMethod($this, $this->func);
         $nbArgsFix = $rm->getNumberOfRequiredParameters();
         $nbArgs = $rm->getNumberOfParameters();
 
@@ -114,8 +129,24 @@ abstract class WebService
         if ($nbParams > $nbArgs) {
             throw new UsageException("TooManyArgs", "You must provide at most $nbArgs arguments.", UsageException::TOO_MANY_ARGS);
         }
+    }
 
-        return call_user_func_array(array($this, $this->func), $params);
+    /**
+     * If no configuration is available assumes that all public methods are allowed
+     * @param string the requested method name from api param func
+     */
+    protected function isAllowedMethodNameOrThrow($requestedMethodName)
+    {
+        $allowedMethodNames = Configuration::get('webservice.api_method_names', null);
+        if (null === $allowedMethodNames) {
+            return;
+        }
+        if (!is_array($allowedMethodNames)) {
+            throw new ConfigException('Bad config. You should pass an array of method names as strings, in "webservice" key and "api_method_names" subkey');
+        }
+        if (!in_array($requestedMethodName, $allowedMethodNames)) {
+            throw new UsageException("BadMethod", "Method {$requestedMethodName} is not whitelisted. Pick one of :" . implode(', ', $allowedMethodNames), UsageException::BAD_METHOD);
+        }
     }
 
     /**