diff --git a/proxmox-rest-server/src/api_config.rs b/proxmox-rest-server/src/api_config.rs
index be7fbc23..4ff1df5f 100644
--- a/proxmox-rest-server/src/api_config.rs
+++ b/proxmox-rest-server/src/api_config.rs
@@ -13,10 +13,10 @@ use hyper::http::request::Parts;
 use handlebars::Handlebars;
 use serde::Serialize;
 
-use proxmox::api::{ApiMethod, Router, RpcEnvironmentType};
+use proxmox::api::{ApiMethod, Router, RpcEnvironmentType, UserInformation};
 use proxmox::tools::fs::{create_path, CreateOptions};
 
-use crate::{ApiAuth, FileLogger, FileLogOptions, CommandSocket};
+use crate::{ApiAuth, AuthError, FileLogger, FileLogOptions, CommandSocket};
 
 pub type GetIndexFn = &'static (dyn for<'a> Fn(Option<String>, Option<String>, &'a ApiConfig, Parts) -> Pin<Box<dyn Future<Output = Response<Body>> + Send + 'a>> + Send + Sync);
 
@@ -30,7 +30,7 @@ pub struct ApiConfig {
     template_files: RwLock<HashMap<String, (SystemTime, PathBuf)>>,
     request_log: Option<Arc<Mutex<FileLogger>>>,
     auth_log: Option<Arc<Mutex<FileLogger>>>,
-    pub(crate) api_auth: Arc<dyn ApiAuth + Send + Sync>,
+    api_auth: Arc<dyn ApiAuth + Send + Sync>,
     get_index_fn: GetIndexFn,
 }
 
@@ -79,6 +79,14 @@ impl ApiConfig {
         (self.get_index_fn)(auth_id, language, self, parts).await
     }
 
+    pub(crate) async fn check_auth(
+        &self,
+        headers: &http::HeaderMap,
+        method: &hyper::Method,
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
+        self.api_auth.check_auth(headers, method).await
+    }
+
     pub(crate) fn find_method(
         &self,
         components: &[&str],
diff --git a/proxmox-rest-server/src/rest.rs b/proxmox-rest-server/src/rest.rs
index 5f7ecbaa..d0a748c8 100644
--- a/proxmox-rest-server/src/rest.rs
+++ b/proxmox-rest-server/src/rest.rs
@@ -630,8 +630,6 @@ async fn handle_request(
 
     rpcenv.set_client_ip(Some(*peer));
 
-    let auth = &api.api_auth;
-
     let delay_unauth_time = std::time::Instant::now() + std::time::Duration::from_millis(3000);
     let access_forbidden_time = std::time::Instant::now() + std::time::Duration::from_millis(500);
 
@@ -658,7 +656,7 @@ async fn handle_request(
             let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
 
             if auth_required {
-                match auth.check_auth(&parts.headers, &method).await {
+                match api.check_auth(&parts.headers, &method).await {
                     Ok((authid, info)) => {
                         rpcenv.set_auth_id(Some(authid));
                         user_info = info;
@@ -730,7 +728,7 @@ async fn handle_request(
 
         if comp_len == 0 {
             let language = extract_lang_header(&parts.headers);
-            match auth.check_auth(&parts.headers, &method).await {
+            match api.check_auth(&parts.headers, &method).await {
                 Ok((auth_id, _user_info)) => {
                     return Ok(api.get_index(Some(auth_id), language, parts).await);
                 }