diff --git a/pkg/api/server.go b/pkg/api/server.go
index 302fc46..f95b354 100644
--- a/pkg/api/server.go
+++ b/pkg/api/server.go
@@ -80,6 +80,15 @@ func NewServer(cfg *config.Config, db *bun.DB, wh WhatsHookedInterface) (*Server
 	}
 	restheadspec.RegisterSecurityHooks(handler, securityList)
 
+	// Ensure legacy /api/* handlers use the same ResolveSpec auth method.
+	// This keeps JWT + phase1 auth behavior aligned across /api and /api/v1.
+	wh.Handlers().WithAuthConfig(&handlers.AuthConfig{
+		Validator: func(r *http.Request) bool {
+			_, err := secProvider.Authenticate(r)
+			return err == nil
+		},
+	})
+
 	// Create router
 	router := mux.NewRouter()