diff --git a/server/api/get-berths.ts b/server/api/get-berths.ts
index 3b3cd50..c313918 100644
--- a/server/api/get-berths.ts
+++ b/server/api/get-berths.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[get-berths] Request received with x-tag:', xTagHeader);
+import { getNocoDbConfiguration } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[get-berths] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[get-berths] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const config = getNocoDbConfiguration();
diff --git a/server/api/get-interest-berths.ts b/server/api/get-interest-berths.ts
index 41f577a..a272c36 100644
--- a/server/api/get-interest-berths.ts
+++ b/server/api/get-interest-berths.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[get-interest-berths] Request received with x-tag:', xTagHeader);
+import { getNocoDbConfiguration } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[get-interest-berths] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[get-interest-berths] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const query = getQuery(event);
diff --git a/server/api/get-interest-by-id.ts b/server/api/get-interest-by-id.ts
index d01d1b1..efe5066 100644
--- a/server/api/get-interest-by-id.ts
+++ b/server/api/get-interest-by-id.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[get-interest-by-id] Request received with x-tag:', xTagHeader);
+import { getInterestById } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[get-interest-by-id] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[get-interest-by-id] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   const query = getQuery(event);
   const { id } = query;
diff --git a/server/api/get-interests.ts b/server/api/get-interests.ts
index bd0fab7..9203140 100644
--- a/server/api/get-interests.ts
+++ b/server/api/get-interests.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[get-interests] Request received with x-tag:', xTagHeader);
+import { getInterests } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[get-interests] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[get-interests] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     console.log('[get-interests] Fetching interests...');
diff --git a/server/api/link-berth-recommendations-to-interest.ts b/server/api/link-berth-recommendations-to-interest.ts
index 81b823d..24d9690 100644
--- a/server/api/link-berth-recommendations-to-interest.ts
+++ b/server/api/link-berth-recommendations-to-interest.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[link-berth-recommendations] Request received with x-tag:', xTagHeader);
+import { getNocoDbConfiguration } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[link-berth-recommendations] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[link-berth-recommendations] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   const body = await readBody(event);
   const { interestId, berthIds } = body;
diff --git a/server/api/link-berths-to-interest.ts b/server/api/link-berths-to-interest.ts
index a082a4c..9ce805e 100644
--- a/server/api/link-berths-to-interest.ts
+++ b/server/api/link-berths-to-interest.ts
@@ -1,13 +1,12 @@
 import { withBerthQueue } from '~/server/utils/operation-lock';
+import { getNocoDbConfiguration } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[link-berths] Request received with x-tag:', xTagHeader);
+  console.log('[link-berths] Request received');
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[link-berths] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);
diff --git a/server/api/unlink-berth-recommendations-from-interest.ts b/server/api/unlink-berth-recommendations-from-interest.ts
index 7f3ed7a..401f35e 100644
--- a/server/api/unlink-berth-recommendations-from-interest.ts
+++ b/server/api/unlink-berth-recommendations-from-interest.ts
@@ -1,11 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[unlink-berth-recommendations] Request received with x-tag:', xTagHeader);
+import { getNocoDbConfiguration } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[unlink-berth-recommendations] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[unlink-berth-recommendations] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   const body = await readBody(event);
   const { interestId, berthIds } = body;
diff --git a/server/api/unlink-berths-from-interest.ts b/server/api/unlink-berths-from-interest.ts
index 22bfa13..42b5f0f 100644
--- a/server/api/unlink-berths-from-interest.ts
+++ b/server/api/unlink-berths-from-interest.ts
@@ -1,13 +1,12 @@
 import { withBerthQueue } from '~/server/utils/operation-lock';
+import { getNocoDbConfiguration } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[unlink-berths] Request received with x-tag:', xTagHeader);
+  console.log('[unlink-berths] Request received');
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[unlink-berths] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   const body = await readBody(event);
   const { interestId, berthIds } = body;