diff --git a/certidude/api/__init__.py b/certidude/api/__init__.py
index ff54439..945a684 100644
--- a/certidude/api/__init__.py
+++ b/certidude/api/__init__.py
@@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):
 
     # API calls used by pushed events on the JS end
     app.add_route("/api/signed/{cn}/tag/", TagResource())
-    app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource())
+    app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))
 
     # API call used to delete existing tags
     app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
 
     # Gateways can submit leases via this API call
-    app.add_route("/api/lease/", LeaseResource())
+    app.add_route("/api/lease/", LeaseResource(authority))
 
     # Bootstrap resource
     app.add_route("/api/bootstrap/", BootstrapResource(authority))
diff --git a/certidude/api/lease.py b/certidude/api/lease.py
index 7ba1bf9..9b6449b 100644
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -5,7 +5,7 @@ import logging
 import os
 import xattr
 from datetime import datetime
-from certidude import config, authority, push
+from certidude import config, push
 from certidude.auth import login_required, authorize_admin, authorize_server
 from certidude.decorators import serialize
 
@@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
 
 # TODO: lease namespacing (?)
 class LeaseDetailResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
     @serialize
     @login_required
     @authorize_admin
     def on_get(self, req, resp, cn):
         try:
-            path, buf, cert, signed, expires = authority.get_signed(cn)
+            path, buf, cert, signed, expires = self.authority.get_signed(cn)
             return dict(
                 last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
                 inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
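Review bot: `TagResource()` and `TagDetailResource()` on the context lines are still constructed without `authority` while the two lease routes now receive it; if those classes also reach for the module-level `authority` (not visible here), the dependency injection this commit starts is only partial and the two code paths will drift apart. Either thread `authority` through those constructors in the same change or extend the comment above the lease routes to say why only the lease resources take it, e.g. `# Lease resources take the authority explicitly so they can be instantiated with a test double`. The body of `certidude_app` continues outside the hunk.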
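Review bot: The new `LeaseDetailResource.__init__` (and the matching one in `LeaseResource` under `@@ -30,6 +33,9 @@`) stores `authority` with no docstring stating what the injected object must provide; the only use visible in the hunk is `get_signed(cn)`. A one-line class docstring such as `"""Admin-only view of the lease xattrs on a signed certificate; ``authority`` must provide ``get_signed(cn)``."""` would make the contract explicit for anyone wiring a substitute in tests. `on_get`'s `try:` block runs past the end of the hunk, so it cannot be checked here whether a missing `user.lease.*` attribute (presumably an `OSError` from `xattr.getxattr` — confirm) is mapped to a 404 rather than surfacing as a 500.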
@@ -30,6 +33,9 @@ class LeaseDetailResource(object):
 
 
 class LeaseResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
     @authorize_server
     def on_post(self, req, resp):
         client_common_name = req.get_param("client", required=True)
@@ -38,7 +44,7 @@ class LeaseResource(object):
         if "," in client_common_name:
             client_common_name, _ = client_common_name.split(",", 1)
-        path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
+        path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
         if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"):
             # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
             raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
         now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
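Review bot: The rewritten `self.authority.get_signed(client_common_name)` line in `@@ -38,7 +44,7 @@` carries the old `# TODO: catch exceptions` forward, so a gateway posting a `client` name that has no signed certificate still surfaces whatever `get_signed` raises (presumably the `OSError`/`IOError` from opening the certificate path — confirm) as an unhandled 500 rather than a defined response. Since the caller is an `@authorize_server` gateway rather than an admin, a 404 is the natural mapping; wrap the call as `try:` / `    path, buf, cert, signed, expires = self.authority.get_signed(client_common_name)` / `except EnvironmentError: raise falcon.HTTPNotFound()` and drop the TODO. The serial comparison on the following lines is unaffected by this, and `on_post` continues past the end of the hunk.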