diff --git a/server/api/files/list-with-attachments.ts b/server/api/files/list-with-attachments.ts
index c0c96b3..d2e03ae 100644
--- a/server/api/files/list-with-attachments.ts
+++ b/server/api/files/list-with-attachments.ts
@@ -1,11 +1,9 @@
+import { requireAuth } from '~/server/utils/auth';
 import { Client } from 'minio';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
   
   try {
     const query = getQuery(event);
diff --git a/server/api/files/proxy-download.ts b/server/api/files/proxy-download.ts
index bbab368..5aaea7b 100644
--- a/server/api/files/proxy-download.ts
+++ b/server/api/files/proxy-download.ts
@@ -1,6 +1,10 @@
+import { requireAuth } from '~/server/utils/auth';
 import { getMinioClient } from '~/server/utils/minio';
 
 export default defineEventHandler(async (event) => {
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
+  
   try {
     const query = getQuery(event);
     const fileName = query.fileName as string;
diff --git a/server/api/files/proxy-preview.ts b/server/api/files/proxy-preview.ts
index a68a257..95222a5 100644
--- a/server/api/files/proxy-preview.ts
+++ b/server/api/files/proxy-preview.ts
@@ -1,7 +1,11 @@
+import { requireAuth } from '~/server/utils/auth';
 import { getMinioClient } from '~/server/utils/minio';
 import mime from 'mime-types';
 
 export default defineEventHandler(async (event) => {
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
+  
   try {
     const query = getQuery(event);
     const fileName = query.fileName as string;