Previously I had an auth filter that would return 401 unless the user passed a specific token. But then I realized there are a few endpoints (mostly health ones) that need to be accessible unathenticated.
So I changed it so the auth endpoint now sets a boolean flag, and only checks it for the endpoints that actually do things.