diff --git a/opt/00-infrastructure/traefik/config/dynamic.yml b/opt/00-infrastructure/traefik/config/dynamic.yml
index d462e18..128e191 100644
--- a/opt/00-infrastructure/traefik/config/dynamic.yml
+++ b/opt/00-infrastructure/traefik/config/dynamic.yml
@@ -1,5 +1,25 @@
 http:
   routers:
+    # Postiz API (backend) - without SSO protection
+    postiz-api:
+      rule: "Host(`social.ai-impress.com`) && PathPrefix(`/api`)"
+      service: postiz-api
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    # Postiz frontend - with Authentik
+    postiz:
+      rule: "Host(`social.ai-impress.com`) && !PathPrefix(`/api`)"
+      service: postiz
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+      middlewares:
+        - authentik@file
+
     mirotalk:
       rule: "Host(`webinar.ai-impress.com`)"
       service: mirotalk
@@ -9,6 +29,16 @@ http:
         certResolver: cloudflare
 
   services:
+    postiz-api:
+      loadBalancer:
+        servers:
+          - url: "http://postiz:5000"
+
+    postiz:
+      loadBalancer:
+        servers:
+          - url: "http://postiz:5000"
+
     mirotalk:
       loadBalancer:
         servers:
diff --git a/opt/postiz-config/docker-compose.yml b/opt/postiz-config/docker-compose.yml
index ba9d23a..c61605f 100644
--- a/opt/postiz-config/docker-compose.yml
+++ b/opt/postiz-config/docker-compose.yml
@@ -19,21 +19,14 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=traefik-public"
-      
-      # Main frontend: social.ai-impress.com (with Authelia)
-      - "traefik.http.routers.postiz.rule=Host(`social.ai-impress.com`)"
-      - "traefik.http.routers.postiz.entrypoints=websecure"
-      - "traefik.http.routers.postiz.tls.certresolver=cloudflare"
-      - "traefik.http.routers.postiz.middlewares=authentik@file"
-      
-      # Uploads subdomain: uploads.ai-impress.com (without Authelia, for social media bots)
-      - "traefik.http.routers.postiz-uploads.rule=Host(`uploads.ai-impress.com`)"
-      - "traefik.http.routers.postiz-uploads.entrypoints=websecure"
-      - "traefik.http.routers.postiz-uploads.tls.certresolver=cloudflare"
-      
+
       # Service port
       - "traefik.http.services.postiz.loadbalancer.server.port=5000"
 
+      # Routing configured in /opt/00-infrastructure/traefik/config/dynamic.yml
+      # - postiz-api: /api routes (no SSO)
+      # - postiz: frontend routes (with Authentik)
+
   postiz-postgres:
     image: postgres:16-alpine
     container_name: postiz-postgres