diff --git a/app/servers.go b/app/servers.go
index 1ef5b8b46..e61f5a1a9 100644
--- a/app/servers.go
+++ b/app/servers.go
@@ -63,6 +63,10 @@ func (app *CortezaApp) mountHttpRoutes(r chi.Router) {
 				app.WsServer.ApiServerRoutes(r)
 			})
 
+			if app.Opt.Federation.Enabled {
+				r.Route("/federation", federationRest.MountRoutes)
+			}
+
 			r.HandleFunc("/docs", func(w http.ResponseWriter, r *http.Request) {
 				// redirect to endpoint with slash
 				http.Redirect(w, r, "/"+apiBaseUrl+"/docs/", http.StatusPermanentRedirect)
@@ -138,12 +142,4 @@ func (app *CortezaApp) mountHttpRoutes(r chi.Router) {
 	} else {
 		app.Log.Info("client web applications disabled")
 	}
-
-	if app.Opt.Federation.Enabled {
-		r.Route("/federation", federationRest.MountRoutes)
-	} else {
-		app.Log.Info(
-			"federation API disabled",
-		)
-	}
 }
diff --git a/compose/rest/router.go b/compose/rest/router.go
index 93db07381..e3c16a102 100644
--- a/compose/rest/router.go
+++ b/compose/rest/router.go
@@ -28,15 +28,17 @@ func MountRoutes(r chi.Router) {
 	// Protect all _private_ routes
 	r.Group(func(r chi.Router) {
 		r.Use(auth.MiddlewareValidOnly)
-		r.Use(middlewareAllowedAccess)
-
-		handlers.NewNamespace(namespace).MountRoutes(r)
-		handlers.NewPage(page).MountRoutes(r)
-		handlers.NewAutomation(automation).MountRoutes(r)
-		handlers.NewModule(module).MountRoutes(r)
-		handlers.NewRecord(record).MountRoutes(r)
-		handlers.NewChart(chart).MountRoutes(r)
-		handlers.NewNotification(notification).MountRoutes(r)
 		handlers.NewPermissions(Permissions{}.New()).MountRoutes(r)
+
+		r.Group(func(r chi.Router) {
+			r.Use(middlewareAllowedAccess)
+			handlers.NewNamespace(namespace).MountRoutes(r)
+			handlers.NewPage(page).MountRoutes(r)
+			handlers.NewAutomation(automation).MountRoutes(r)
+			handlers.NewModule(module).MountRoutes(r)
+			handlers.NewRecord(record).MountRoutes(r)
+			handlers.NewChart(chart).MountRoutes(r)
+			handlers.NewNotification(notification).MountRoutes(r)
+		})
 	})
 }
diff --git a/federation/rest/router.go b/federation/rest/router.go
index 74a9bfc96..81fcab3c2 100644
--- a/federation/rest/router.go
+++ b/federation/rest/router.go
@@ -15,13 +15,16 @@ func MountRoutes(r chi.Router) {
 	// Protect all _private_ routes
 	r.Group(func(r chi.Router) {
 		r.Use(auth.MiddlewareValidOnly)
-		r.Use(middlewareAllowedAccess)
-
-		handlers.NewNode(Node{}.New()).MountRoutes(r)
 		handlers.NewPermissions(Permissions{}.New()).MountRoutes(r)
-		handlers.NewManageStructure((ManageStructure{}.New())).MountRoutes(r)
 
-		handlers.NewSyncData((SyncData{}.New())).MountRoutes(r)
-		handlers.NewSyncStructure((SyncStructure{}.New())).MountRoutes(r)
+		r.Group(func(r chi.Router) {
+			r.Use(middlewareAllowedAccess)
+
+			handlers.NewNode(Node{}.New()).MountRoutes(r)
+			handlers.NewManageStructure((ManageStructure{}.New())).MountRoutes(r)
+
+			handlers.NewSyncData((SyncData{}.New())).MountRoutes(r)
+			handlers.NewSyncStructure((SyncStructure{}.New())).MountRoutes(r)
+		})
 	})
 }