diff --git a/backend/api/index.php b/backend/api/index.php
index d4d0386..38c46dd 100644
--- a/backend/api/index.php
+++ b/backend/api/index.php
@@ -20,7 +20,7 @@ $path = str_replace('/api/', '', $path);
 $segments = explode('/', trim($path, '/'));
 $resource = $segments[0] ?? '';
 
-if ($resource !== 'session') {
+if ($resource !== 'session' && $resource !== 'login' && $resource !== 'logout') {
     $loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
     if (!$loggedin) {
         http_response_code(401);