diff --git a/app/Http/Controllers/Forms/FormController.php b/app/Http/Controllers/Forms/FormController.php
index a70ff511..cbc188e2 100644
--- a/app/Http/Controllers/Forms/FormController.php
+++ b/app/Http/Controllers/Forms/FormController.php
@@ -23,7 +23,7 @@ class FormController extends Controller
 
     public function __construct()
     {
-        $this->middleware('auth');
+        $this->middleware('auth', ['except' => ['uploadAsset']]);
         $this->formCleaner = new FormCleaner();
     }
 
@@ -217,8 +217,6 @@ class FormController extends Controller
      */
     public function uploadAsset(UploadAssetRequest $request)
     {
-        $this->authorize('viewAny', Form::class);
-
         $fileNameParser = StorageFileNameParser::parse($request->url);
 
         // Make sure we retrieve the file in tmp storage, move it to persistent
diff --git a/routes/api.php b/routes/api.php
index f5484c3c..9cdb8e8a 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -122,7 +122,7 @@ Route::group(['middleware' => 'auth:api'], function () {
             Route::post(
                 '/assets/upload',
                 [FormController::class, 'uploadAsset']
-            )->name('assets.upload');
+            )->withoutMiddleware(['auth:api'])->name('assets.upload');
             Route::get(
                 '/{id}/uploaded-file/{filename}',
                 [FormController::class, 'viewFile']