diff --git a/src/Robware.Api.Auth/Controllers/ApiController.cs b/src/Robware.Api.Auth/Controllers/ApiController.cs
index 7352290..5687851 100644
--- a/src/Robware.Api.Auth/Controllers/ApiController.cs
+++ b/src/Robware.Api.Auth/Controllers/ApiController.cs
@@ -1,5 +1,4 @@
-using Microsoft.AspNetCore.Authorization;
-using System.Threading.Tasks;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Robware.Auth.API;
@@ -23,15 +22,12 @@ namespace Robware.Api.Auth.Controllers {
 		public async Task<ActionResult> Validate(string key) => await _apiKeyValidator.Validate(key) ? (ActionResult) Ok() : Unauthorized();
 
 		[HttpPost(nameof(Create))]
-		[Authorize]
 		public async Task<ActionResult<ApiKey>> Create(string name) => await _apiKeyRepository.Create(name);
 
 		[HttpGet(nameof(List))]
-		[Authorize]
 		public async Task<ActionResult<ApiKey[]>> List() => (await _apiKeyRepository.GetAll()).ToArray();
 
 		[HttpDelete(nameof(Delete))]
-		[Authorize]
 		public async Task<ActionResult> Delete(string key) => await _apiKeyRepository.Delete(key) ? (ActionResult) NoContent() : BadRequest();
 
 		private async Task<ActionResult> SetEnabled(string key, bool enabled) {
@@ -48,11 +44,9 @@ namespace Robware.Api.Auth.Controllers {
 		}
 
 		[HttpPatch(nameof(Disable))]
-		[Authorize]
 		public async Task<ActionResult> Disable(string key) => await SetEnabled(key, false);
 
 		[HttpPatch(nameof(Enable))]
-		[Authorize]
 		public async Task<ActionResult> Enable(string key) => await SetEnabled(key, true);
 	}
 }
diff --git a/src/Robware.Api.Auth/Controllers/UserController.cs b/src/Robware.Api.Auth/Controllers/UserController.cs
index e8f6545..0cbe14a 100644
--- a/src/Robware.Api.Auth/Controllers/UserController.cs
+++ b/src/Robware.Api.Auth/Controllers/UserController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Robware.Api.Auth.Models;
@@ -19,7 +18,6 @@ namespace Robware.Api.Auth.Controllers {
 		}
 
 		[HttpPost(nameof(Authenticate))]
-		[Authorize]
 		public async Task<ActionResult<User>> Authenticate(LoginRequest request) {
 			var (result, user) = await _authenticator.Authenticate(request.Username, request.Password);
 			switch (result) {
diff --git a/src/Robware.Api.Auth/Startup.cs b/src/Robware.Api.Auth/Startup.cs
index 8e952b8..b0a8862 100644
--- a/src/Robware.Api.Auth/Startup.cs
+++ b/src/Robware.Api.Auth/Startup.cs
@@ -55,7 +55,7 @@ namespace Robware.Api.Auth {
 			app.UseAuthorization();
 
 			app.UseEndpoints(endpoints => {
-				endpoints.MapControllers();
+				endpoints.MapControllers().RequireAuthorization();
 			});
 		}
 	}