diff --git a/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java b/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java
index 8f3dbab..485c2c9 100644
--- a/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java
+++ b/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java
@@ -30,12 +30,12 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
- .authorizeHttpRequests(auth -> auth
- .requestMatchers("/authenticate", "/register").permitAll() // Public endpoints
- .anyRequest().authenticated() // All other endpoints require authentication
- )
- .csrf(AbstractHttpConfigurer::disable)
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+ .csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/token").permitAll() // Public endpoints
+ .anyRequest().authenticated() // All other endpoints require authentication
+ )
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
 return http.build();
diff --git a/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java b/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
index 72cc923..68d523b 100644
--- a/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
+++ b/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
@@ -15,9 +15,11 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import ch.dlmw.swisssignchallenge.utils.JwtUtil;
 import java.io.IOException;
+import java.util.List;
 @Component
 public class JwtRequestFilter extends OncePerRequestFilter {
+ private static final List EXCLUDED_URIS = List.of("/token");
 @Autowired
 private UserDetailsService userDetailsService;
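Review bot: `.requestMatchers("/token").permitAll()` opens the token endpoint for every HTTP method, although issuing a token presumably needs only POST. Consider `.requestMatchers(HttpMethod.POST, "/token").permitAll()` so that other verbs fall through to `.anyRequest().authenticated()`. CSRF stays disabled, which is sound only while the JWT travels in a header rather than a cookie; a short comment next to `.csrf(AbstractHttpConfigurer::disable)` saying so would keep that assumption visible. The end of `securityFilterChain` lies outside the hunk.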
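Review bot: `EXCLUDED_URIS` repeats the `"/token"` literal that SecurityConfig passes to `requestMatchers`, and nothing ties the two together, so a path added to one place and not the other is easy to miss. The constant should carry a comment stating that it only skips JWT parsing and grants no access, for example `// JWT parsing is skipped for these paths; access is still decided in SecurityConfig`. As rendered here the field has the raw type `List`; if that is not an extraction artefact, declare it `List<String>`.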
@@ -50,4 +52,10 @@ public class JwtRequestFilter extends OncePerRequestFilter {
 filterChain.doFilter(request, response);
 }
+
+ @Override
+ protected boolean shouldNotFilter(HttpServletRequest request) {
+ var path = request.getRequestURI();
+ return EXCLUDED_URIS.contains(path);
+ }
 }
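Review bot: `shouldNotFilter` compares `request.getRequestURI()` with `"/token"`, but that value includes the context path and any path parameters and is not normalized, whereas the `requestMatchers("/token")` rule in SecurityConfig matches the path inside the application. Under a non-root context path the two disagree and the filter runs on the token endpoint after all. Skipping the filter never grants access by itself, so this is not a bypass, but a token request carrying a stale `Authorization` header would then go through JWT validation, whose error handling is outside this hunk. Matching on the servlet path, `return EXCLUDED_URIS.contains(request.getServletPath());`, or sharing one matcher between both classes keeps them aligned.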