diff --git a/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java b/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
index 5e7ed38a..46be4f1b 100644
--- a/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
+++ b/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
@@ -58,13 +58,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, Authentication
                 .cors(Customizer.withDefaults())
                 .sessionManagement(configuration -> configuration.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers(HttpMethod.GET, "/actuator/**").permitAll()
+                        .requestMatchers(HttpMethod.POST, "/actuator/**").permitAll()
                         .requestMatchers(HttpMethod.POST,"/questions/**").permitAll()
                         .requestMatchers(HttpMethod.GET,"/questions/**").permitAll()
                         .requestMatchers(HttpMethod.GET,"/users/details").authenticated()
                         .requestMatchers(HttpMethod.GET,"/users","/users/**").permitAll()
                         .requestMatchers(HttpMethod.GET,"/auth/logout").authenticated()
                         .requestMatchers(HttpMethod.POST,"/auth/**").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/actuator/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/swagger/**").permitAll()
                         .anyRequest().authenticated())
                 .csrf(AbstractHttpConfigurer::disable)