diff --git a/services/authentication/configs/access.yml b/services/authentication/configs/access.yml
index d6d2356..3f67827 100644
--- a/services/authentication/configs/access.yml
+++ b/services/authentication/configs/access.yml
@@ -40,7 +40,7 @@ access_control:
       policy: bypass
       resources:
         - '^/api$'
-        - '^/api/'
+        - '^/api(/|\?)'
     # Effective default policy, only allow admins with two-factor
     - domain_regex: '.*'
       policy: two_factor