diff --git a/notifications/views.py b/notifications/views.py
index 812502e..c3a6751 100644
--- a/notifications/views.py
+++ b/notifications/views.py
@@ -11,6 +11,7 @@ from rest_framework import viewsets, status, views
 # local imports
 from account.utils import custom_response, custom_error_response
 from base.messages import SUCCESS_CODE, ERROR_CODE
+from base.pagination import CustomPageNumberPagination
 from base.tasks import notify_task_expiry, notify_top_junior
 from notifications.constants import TEST_NOTIFICATION
 from notifications.serializers import RegisterDevice, NotificationListSerializer, ReadNotificationSerializer
@@ -33,10 +34,10 @@ class NotificationViewSet(viewsets.GenericViewSet):
         """
         queryset = Notification.objects.filter(notification_to_id=request.auth.payload['user_id']
                                                ).select_related('notification_to').order_by('-id')
-        paginator = self.pagination_class()
+        paginator = CustomPageNumberPagination()
         paginated_queryset = paginator.paginate_queryset(queryset, request)
         serializer = self.serializer_class(paginated_queryset, many=True)
-        return custom_response(None, serializer.data, count=queryset.count())
+        return paginator.get_paginated_response(serializer.data)
 
     @action(methods=['post'], detail=False, url_path='device', url_name='device', serializer_class=RegisterDevice)
     def fcm_registration(self, request):
diff --git a/web_admin/serializers/article_serializer.py b/web_admin/serializers/article_serializer.py
index 7e94e9b..d030d41 100644
--- a/web_admin/serializers/article_serializer.py
+++ b/web_admin/serializers/article_serializer.py
@@ -81,7 +81,7 @@ class ArticleSerializer(serializers.ModelSerializer):
         meta class
         """
         model = Article
-        fields = ('id', 'title', 'description', 'article_cards', 'article_survey')
+        fields = ('id', 'title', 'description', 'is_published', 'article_cards', 'article_survey')
 
     def validate(self, attrs):
         """
diff --git a/web_admin/views/article.py b/web_admin/views/article.py
index 902f579..c9d4426 100644
--- a/web_admin/views/article.py
+++ b/web_admin/views/article.py
@@ -130,6 +130,22 @@ class ArticleViewSet(GenericViewSet, mixins.CreateModelMixin, mixins.UpdateModel
             return custom_response(SUCCESS_CODE["3029"])
         return custom_error_response(ERROR_CODE["2041"], status.HTTP_400_BAD_REQUEST)
 
+    @action(methods=['get'], url_name='status-change', url_path='status-change',
+            detail=True)
+    def article_status_change(self, request, *args, **kwargs):
+        """
+        article un-publish or publish api method
+        :param request: article id
+        :return: success message
+        """
+        try:
+            article = Article.objects.filter(id=kwargs['pk']).first()
+            article.is_published = False if article.is_published else True
+            article.save(update_fields=['is_published'])
+            return custom_response(SUCCESS_CODE["3038"])
+        except AttributeError:
+            return custom_error_response(ERROR_CODE["2041"], response_status=status.HTTP_400_BAD_REQUEST)
+
     @action(methods=['get'], url_name='remove-card', url_path='remove-card',
             detail=True)
     def remove_article_card(self, request, *args, **kwargs):
diff --git a/zod_bank/settings.py b/zod_bank/settings.py
index 781df80..7ea1f74 100644
--- a/zod_bank/settings.py
+++ b/zod_bank/settings.py
@@ -37,7 +37,17 @@ SECRET_KEY = os.getenv('SECRET_KEY')
 DEBUG = os.getenv('DEBUG')
 
 # cors allow setting
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_ALLOW_ALL = False
+
+# Allow specific origins
+CORS_ALLOWED_ORIGINS = [
+    "https://dev-api.zodqaapp.com",
+    "https://qa-api.zodqaapp.com",
+    "https://stage-api.zodqaapp.com",
+    # Add more trusted origins as needed
+]
+# if DEBUG:
+#     CORS_ALLOWED_ORIGINS += ["http://localhost:3000"]
 
 # allow all host
 ALLOWED_HOSTS = ['*']
@@ -53,7 +63,7 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    # Add Django rest frame work apps here
+    # Add Django rest framework apps here
     'django_extensions',
     'storages',
     'drf_yasg',
diff --git a/zod_bank/urls.py b/zod_bank/urls.py
index a34ef93..ba78b8f 100644
--- a/zod_bank/urls.py
+++ b/zod_bank/urls.py
@@ -20,12 +20,11 @@ from django.urls import path, include
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
 from django.urls import path
-
+from django.conf import settings
 
 schema_view = get_schema_view(openapi.Info(title="Zod Bank API", default_version='v1'), public=True, )
 
 urlpatterns = [
-    path('apidoc/', schema_view.with_ui('swagger', cache_timeout=None), name='schema-swagger-ui'),
     path('admin/', admin.site.urls),
     path('', include(('account.urls', 'account'), namespace='account')),
     path('', include('guardian.urls')),
@@ -33,3 +32,6 @@ urlpatterns = [
     path('', include(('notifications.urls', 'notifications'), namespace='notifications')),
     path('', include(('web_admin.urls', 'web_admin'), namespace='web_admin')),
 ]
+
+if settings.DEBUG:
+    urlpatterns += [(path('apidoc/', schema_view.with_ui('swagger', cache_timeout=None), name='schema-swagger-ui'))]