diff --git a/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java b/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
index 43fe4d5..d82be91 100644
--- a/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
+++ b/src/main/java/com/litoralregas/backend_gateway/config/SecurityConfig.java
@@ -21,6 +21,10 @@ public class SecurityConfig {
         return http
                 .csrf(csrf -> csrf.disable())
                 .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/auth/**").permitAll()
+                        .requestMatchers("/debug/**").permitAll()
+                        .requestMatchers("/admin/**").permitAll()
+                        .requestMatchers("/api/backend/**").authenticated()
                         .anyRequest().permitAll()
                 )
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)