diff --git a/backend/internal/controller/api_key_controller.go b/backend/internal/controller/api_key_controller.go
index e12f74ab..a7f99caf 100644
--- a/backend/internal/controller/api_key_controller.go
+++ b/backend/internal/controller/api_key_controller.go
@@ -43,7 +43,7 @@ func NewApiKeyController(group *gin.RouterGroup, authMiddleware *middleware.Auth
 // @Param sort_column query string false "Column to sort by" default("created_at")
 // @Param sort_direction query string false "Sort direction (asc or desc)" default("desc")
 // @Success 200 {object} dto.Paginated[dto.ApiKeyDto]
-// @Router /api-keys [get]
+// @Router /api/api-keys [get]
 func (c *ApiKeyController) listApiKeysHandler(ctx *gin.Context) {
 	userID := ctx.GetString("userID")
 
@@ -77,7 +77,7 @@ func (c *ApiKeyController) listApiKeysHandler(ctx *gin.Context) {
 // @Tags API Keys
 // @Param api_key body dto.ApiKeyCreateDto true "API key information"
 // @Success 201 {object} dto.ApiKeyResponseDto "Created API key with token"
-// @Router /api-keys [post]
+// @Router /api/api-keys [post]
 func (c *ApiKeyController) createApiKeyHandler(ctx *gin.Context) {
 	userID := ctx.GetString("userID")
 
@@ -111,7 +111,7 @@ func (c *ApiKeyController) createApiKeyHandler(ctx *gin.Context) {
 // @Tags API Keys
 // @Param id path string true "API Key ID"
 // @Success 204 "No Content"
-// @Router /api-keys/{id} [delete]
+// @Router /api/api-keys/{id} [delete]
 func (c *ApiKeyController) revokeApiKeyHandler(ctx *gin.Context) {
 	userID := ctx.GetString("userID")
 	apiKeyID := ctx.Param("id")
diff --git a/backend/internal/controller/app_config_controller.go b/backend/internal/controller/app_config_controller.go
index 40c84d85..23b6ae14 100644
--- a/backend/internal/controller/app_config_controller.go
+++ b/backend/internal/controller/app_config_controller.go
@@ -109,7 +109,7 @@ func (acc *AppConfigController) listAllAppConfigHandler(c *gin.Context) {
 // @Param body body dto.AppConfigUpdateDto true "Application Configuration"
 // @Success 200 {array} dto.AppConfigVariableDto
 // @Security BearerAuth
-// @Router /application-configuration [put]
+// @Router /api/application-configuration [put]
 func (acc *AppConfigController) updateAppConfigHandler(c *gin.Context) {
 	var input dto.AppConfigUpdateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -141,7 +141,7 @@ func (acc *AppConfigController) updateAppConfigHandler(c *gin.Context) {
 // @Produce image/jpeg
 // @Produce image/svg+xml
 // @Success 200 {file} binary "Logo image"
-// @Router /application-configuration/logo [get]
+// @Router /api/application-configuration/logo [get]
 func (acc *AppConfigController) getLogoHandler(c *gin.Context) {
 	lightLogo := c.DefaultQuery("light", "true") == "true"
 
@@ -166,7 +166,7 @@ func (acc *AppConfigController) getLogoHandler(c *gin.Context) {
 // @Produce image/x-icon
 // @Success 200 {file} binary "Favicon image"
 // @Failure 404 {object} object "{"error": "File not found"}"
-// @Router /application-configuration/favicon [get]
+// @Router /api/application-configuration/favicon [get]
 func (acc *AppConfigController) getFaviconHandler(c *gin.Context) {
 	acc.getImage(c, "favicon", "ico")
 }
@@ -179,7 +179,7 @@ func (acc *AppConfigController) getFaviconHandler(c *gin.Context) {
 // @Produce image/jpeg
 // @Success 200 {file} binary "Background image"
 // @Failure 404 {object} object "{"error": "File not found"}"
-// @Router /application-configuration/background-image [get]
+// @Router /api/application-configuration/background-image [get]
 func (acc *AppConfigController) getBackgroundImageHandler(c *gin.Context) {
 	imageType := acc.appConfigService.DbConfig.BackgroundImageType.Value
 	acc.getImage(c, "background", imageType)
@@ -194,7 +194,7 @@ func (acc *AppConfigController) getBackgroundImageHandler(c *gin.Context) {
 // @Param file formData file true "Logo image file"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /application-configuration/logo [put]
+// @Router /api/application-configuration/logo [put]
 func (acc *AppConfigController) updateLogoHandler(c *gin.Context) {
 	lightLogo := c.DefaultQuery("light", "true") == "true"
 
@@ -220,7 +220,7 @@ func (acc *AppConfigController) updateLogoHandler(c *gin.Context) {
 // @Param file formData file true "Favicon file (.ico)"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /application-configuration/favicon [put]
+// @Router /api/application-configuration/favicon [put]
 func (acc *AppConfigController) updateFaviconHandler(c *gin.Context) {
 	file, err := c.FormFile("file")
 	if err != nil {
@@ -244,7 +244,7 @@ func (acc *AppConfigController) updateFaviconHandler(c *gin.Context) {
 // @Param file formData file true "Background image file"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /application-configuration/background-image [put]
+// @Router /api/application-configuration/background-image [put]
 func (acc *AppConfigController) updateBackgroundImageHandler(c *gin.Context) {
 	imageType := acc.appConfigService.DbConfig.BackgroundImageType.Value
 	acc.updateImage(c, "background", imageType)
@@ -282,7 +282,7 @@ func (acc *AppConfigController) updateImage(c *gin.Context, imageName string, ol
 // @Tags Application Configuration
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /application-configuration/sync-ldap [post]
+// @Router /api/application-configuration/sync-ldap [post]
 func (acc *AppConfigController) syncLdapHandler(c *gin.Context) {
 	err := acc.ldapService.SyncAll()
 	if err != nil {
@@ -299,7 +299,7 @@ func (acc *AppConfigController) syncLdapHandler(c *gin.Context) {
 // @Tags Application Configuration
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /application-configuration/test-email [post]
+// @Router /api/application-configuration/test-email [post]
 func (acc *AppConfigController) testEmailHandler(c *gin.Context) {
 	userID := c.GetString("userID")
 
diff --git a/backend/internal/controller/audit_log_controller.go b/backend/internal/controller/audit_log_controller.go
index 2d64f928..89f147a4 100644
--- a/backend/internal/controller/audit_log_controller.go
+++ b/backend/internal/controller/audit_log_controller.go
@@ -36,7 +36,7 @@ type AuditLogController struct {
 // @Param sort_column query string false "Column to sort by" default("created_at")
 // @Param sort_direction query string false "Sort direction (asc or desc)" default("desc")
 // @Success 200 {object} dto.Paginated[dto.AuditLogDto]
-// @Router /audit-logs [get]
+// @Router /api/audit-logs [get]
 func (alc *AuditLogController) listAuditLogsForUserHandler(c *gin.Context) {
 	var sortedPaginationRequest utils.SortedPaginationRequest
 	if err := c.ShouldBindQuery(&sortedPaginationRequest); err != nil {
diff --git a/backend/internal/controller/custom_claim_controller.go b/backend/internal/controller/custom_claim_controller.go
index bf0d9cba..762e3464 100644
--- a/backend/internal/controller/custom_claim_controller.go
+++ b/backend/internal/controller/custom_claim_controller.go
@@ -39,7 +39,7 @@ type CustomClaimController struct {
 // @Failure 403 {object} object "Forbidden"
 // @Failure 500 {object} object "Internal server error"
 // @Security BearerAuth
-// @Router /custom-claims/suggestions [get]
+// @Router /api/custom-claims/suggestions [get]
 func (ccc *CustomClaimController) getSuggestionsHandler(c *gin.Context) {
 	claims, err := ccc.customClaimService.GetSuggestions()
 	if err != nil {
@@ -59,7 +59,7 @@ func (ccc *CustomClaimController) getSuggestionsHandler(c *gin.Context) {
 // @Param userId path string true "User ID"
 // @Param claims body []dto.CustomClaimCreateDto true "List of custom claims to set for the user"
 // @Success 200 {array} dto.CustomClaimDto "Updated custom claims"
-// @Router /custom-claims/user/{userId} [put]
+// @Router /api/custom-claims/user/{userId} [put]
 func (ccc *CustomClaimController) UpdateCustomClaimsForUserHandler(c *gin.Context) {
 	var input []dto.CustomClaimCreateDto
 
@@ -94,7 +94,7 @@ func (ccc *CustomClaimController) UpdateCustomClaimsForUserHandler(c *gin.Contex
 // @Param claims body []dto.CustomClaimCreateDto true "List of custom claims to set for the user group"
 // @Success 200 {array} dto.CustomClaimDto "Updated custom claims"
 // @Security BearerAuth
-// @Router /custom-claims/user-group/{userGroupId} [put]
+// @Router /api/custom-claims/user-group/{userGroupId} [put]
 func (ccc *CustomClaimController) UpdateCustomClaimsForUserGroupHandler(c *gin.Context) {
 	var input []dto.CustomClaimCreateDto
 
diff --git a/backend/internal/controller/oidc_controller.go b/backend/internal/controller/oidc_controller.go
index 055cca15..be1bba12 100644
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -61,7 +61,7 @@ type OidcController struct {
 // @Param request body dto.AuthorizeOidcClientRequestDto true "Authorization request parameters"
 // @Success 200 {object} dto.AuthorizeOidcClientResponseDto "Authorization code and callback URL"
 // @Security BearerAuth
-// @Router /oidc/authorize [post]
+// @Router /api/oidc/authorize [post]
 func (oc *OidcController) authorizeHandler(c *gin.Context) {
 	var input dto.AuthorizeOidcClientRequestDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -92,7 +92,7 @@ func (oc *OidcController) authorizeHandler(c *gin.Context) {
 // @Param request body dto.AuthorizationRequiredDto true "Authorization check parameters"
 // @Success 200 {object} object "{ \"authorizationRequired\": true/false }"
 // @Security BearerAuth
-// @Router /oidc/authorization-required [post]
+// @Router /api/oidc/authorization-required [post]
 func (oc *OidcController) authorizationConfirmationRequiredHandler(c *gin.Context) {
 	var input dto.AuthorizationRequiredDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -121,7 +121,7 @@ func (oc *OidcController) authorizationConfirmationRequiredHandler(c *gin.Contex
 // @Param grant_type formData string true "Grant type (must be 'authorization_code')"
 // @Param code_verifier formData string false "PKCE code verifier"
 // @Success 200 {object} object "{ \"id_token\": \"string\", \"access_token\": \"string\", \"token_type\": \"Bearer\" }"
-// @Router /oidc/token [post]
+// @Router /api/oidc/token [post]
 func (oc *OidcController) createTokensHandler(c *gin.Context) {
 	// Disable cors for this endpoint
 	c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
@@ -158,7 +158,7 @@ func (oc *OidcController) createTokensHandler(c *gin.Context) {
 // @Produce json
 // @Success 200 {object} object "User claims based on requested scopes"
 // @Security OAuth2AccessToken
-// @Router /oidc/userinfo [get]
+// @Router /api/oidc/userinfo [get]
 func (oc *OidcController) userInfoHandler(c *gin.Context) {
 	authHeaderSplit := strings.Split(c.GetHeader("Authorization"), " ")
 	if len(authHeaderSplit) != 2 {
@@ -192,7 +192,7 @@ func (oc *OidcController) userInfoHandler(c *gin.Context) {
 // @Produce json
 // @Success 200 {object} object "User claims based on requested scopes"
 // @Security OAuth2AccessToken
-// @Router /oidc/userinfo [post]
+// @Router /api/oidc/userinfo [post]
 func (oc *OidcController) userInfoHandlerPost(c *gin.Context) {
 	// Implementation is the same as GET
 }
@@ -207,7 +207,7 @@ func (oc *OidcController) userInfoHandlerPost(c *gin.Context) {
 // @Param post_logout_redirect_uri query string false "URL to redirect to after logout"
 // @Param state query string false "State parameter to include in the redirect"
 // @Success 302 "Redirect to post-logout URL or application logout page"
-// @Router /oidc/end-session [get]
+// @Router /api/oidc/end-session [get]
 func (oc *OidcController) EndSessionHandler(c *gin.Context) {
 	var input dto.OidcLogoutDto
 
@@ -256,7 +256,7 @@ func (oc *OidcController) EndSessionHandler(c *gin.Context) {
 // @Param post_logout_redirect_uri formData string false "URL to redirect to after logout"
 // @Param state formData string false "State parameter to include in the redirect"
 // @Success 302 "Redirect to post-logout URL or application logout page"
-// @Router /oidc/end-session [post]
+// @Router /api/oidc/end-session [post]
 func (oc *OidcController) EndSessionHandlerPost(c *gin.Context) {
 	// Implementation is the same as GET
 }
@@ -268,7 +268,7 @@ func (oc *OidcController) EndSessionHandlerPost(c *gin.Context) {
 // @Produce json
 // @Param id path string true "Client ID"
 // @Success 200 {object} dto.OidcClientMetaDataDto "Client metadata"
-// @Router /oidc/clients/{id}/meta [get]
+// @Router /api/oidc/clients/{id}/meta [get]
 func (oc *OidcController) getClientMetaDataHandler(c *gin.Context) {
 	clientId := c.Param("id")
 	client, err := oc.oidcService.GetClient(clientId)
@@ -295,7 +295,7 @@ func (oc *OidcController) getClientMetaDataHandler(c *gin.Context) {
 // @Param id path string true "Client ID"
 // @Success 200 {object} dto.OidcClientWithAllowedUserGroupsDto "Client information"
 // @Security BearerAuth
-// @Router /oidc/clients/{id} [get]
+// @Router /api/oidc/clients/{id} [get]
 func (oc *OidcController) getClientHandler(c *gin.Context) {
 	clientId := c.Param("id")
 	client, err := oc.oidcService.GetClient(clientId)
@@ -325,7 +325,7 @@ func (oc *OidcController) getClientHandler(c *gin.Context) {
 // @Param sort_direction query string false "Sort direction (asc or desc)" default("asc")
 // @Success 200 {object} dto.Paginated[dto.OidcClientDto]
 // @Security BearerAuth
-// @Router /oidc/clients [get]
+// @Router /api/oidc/clients [get]
 func (oc *OidcController) listClientsHandler(c *gin.Context) {
 	searchTerm := c.Query("search")
 	var sortedPaginationRequest utils.SortedPaginationRequest
@@ -361,7 +361,7 @@ func (oc *OidcController) listClientsHandler(c *gin.Context) {
 // @Param client body dto.OidcClientCreateDto true "Client information"
 // @Success 201 {object} dto.OidcClientWithAllowedUserGroupsDto "Created client"
 // @Security BearerAuth
-// @Router /oidc/clients [post]
+// @Router /api/oidc/clients [post]
 func (oc *OidcController) createClientHandler(c *gin.Context) {
 	var input dto.OidcClientCreateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -391,7 +391,7 @@ func (oc *OidcController) createClientHandler(c *gin.Context) {
 // @Param id path string true "Client ID"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /oidc/clients/{id} [delete]
+// @Router /api/oidc/clients/{id} [delete]
 func (oc *OidcController) deleteClientHandler(c *gin.Context) {
 	err := oc.oidcService.DeleteClient(c.Param("id"))
 	if err != nil {
@@ -412,7 +412,7 @@ func (oc *OidcController) deleteClientHandler(c *gin.Context) {
 // @Param client body dto.OidcClientCreateDto true "Client information"
 // @Success 200 {object} dto.OidcClientWithAllowedUserGroupsDto "Updated client"
 // @Security BearerAuth
-// @Router /oidc/clients/{id} [put]
+// @Router /api/oidc/clients/{id} [put]
 func (oc *OidcController) updateClientHandler(c *gin.Context) {
 	var input dto.OidcClientCreateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -443,7 +443,7 @@ func (oc *OidcController) updateClientHandler(c *gin.Context) {
 // @Param id path string true "Client ID"
 // @Success 200 {object} object "{ \"secret\": \"string\" }"
 // @Security BearerAuth
-// @Router /oidc/clients/{id}/secret [post]
+// @Router /api/oidc/clients/{id}/secret [post]
 func (oc *OidcController) createClientSecretHandler(c *gin.Context) {
 	secret, err := oc.oidcService.CreateClientSecret(c.Param("id"))
 	if err != nil {
@@ -463,7 +463,7 @@ func (oc *OidcController) createClientSecretHandler(c *gin.Context) {
 // @Produce image/svg+xml
 // @Param id path string true "Client ID"
 // @Success 200 {file} binary "Logo image"
-// @Router /oidc/clients/{id}/logo [get]
+// @Router /api/oidc/clients/{id}/logo [get]
 func (oc *OidcController) getClientLogoHandler(c *gin.Context) {
 	imagePath, mimeType, err := oc.oidcService.GetClientLogo(c.Param("id"))
 	if err != nil {
@@ -484,7 +484,7 @@ func (oc *OidcController) getClientLogoHandler(c *gin.Context) {
 // @Param file formData file true "Logo image file (PNG, JPG, or SVG, max 2MB)"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /oidc/clients/{id}/logo [post]
+// @Router /api/oidc/clients/{id}/logo [post]
 func (oc *OidcController) updateClientLogoHandler(c *gin.Context) {
 	file, err := c.FormFile("file")
 	if err != nil {
@@ -508,7 +508,7 @@ func (oc *OidcController) updateClientLogoHandler(c *gin.Context) {
 // @Param id path string true "Client ID"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /oidc/clients/{id}/logo [delete]
+// @Router /api/oidc/clients/{id}/logo [delete]
 func (oc *OidcController) deleteClientLogoHandler(c *gin.Context) {
 	err := oc.oidcService.DeleteClientLogo(c.Param("id"))
 	if err != nil {
@@ -529,7 +529,7 @@ func (oc *OidcController) deleteClientLogoHandler(c *gin.Context) {
 // @Param groups body dto.OidcUpdateAllowedUserGroupsDto true "User group IDs"
 // @Success 200 {object} dto.OidcClientDto "Updated client"
 // @Security BearerAuth
-// @Router /oidc/clients/{id}/allowed-user-groups [put]
+// @Router /api/oidc/clients/{id}/allowed-user-groups [put]
 func (oc *OidcController) updateAllowedUserGroupsHandler(c *gin.Context) {
 	var input dto.OidcUpdateAllowedUserGroupsDto
 	if err := c.ShouldBindJSON(&input); err != nil {
diff --git a/backend/internal/controller/user_controller.go b/backend/internal/controller/user_controller.go
index 9dede1ed..4df986b4 100644
--- a/backend/internal/controller/user_controller.go
+++ b/backend/internal/controller/user_controller.go
@@ -63,7 +63,7 @@ type UserController struct {
 // @Tags Users,User Groups
 // @Param id path string true "User ID"
 // @Success 200 {array} dto.UserGroupDtoWithUsers
-// @Router /users/{id}/groups [get]
+// @Router /api/users/{id}/groups [get]
 func (uc *UserController) getUserGroupsHandler(c *gin.Context) {
 	userID := c.Param("id")
 	groups, err := uc.userService.GetUserGroups(userID)
@@ -91,7 +91,7 @@ func (uc *UserController) getUserGroupsHandler(c *gin.Context) {
 // @Param sort_column query string false "Column to sort by" default("created_at")
 // @Param sort_direction query string false "Sort direction (asc or desc)" default("desc")
 // @Success 200 {object} dto.Paginated[dto.UserDto]
-// @Router /users [get]
+// @Router /api/users [get]
 func (uc *UserController) listUsersHandler(c *gin.Context) {
 	searchTerm := c.Query("search")
 	var sortedPaginationRequest utils.SortedPaginationRequest
@@ -124,7 +124,7 @@ func (uc *UserController) listUsersHandler(c *gin.Context) {
 // @Tags Users
 // @Param id path string true "User ID"
 // @Success 200 {object} dto.UserDto
-// @Router /users/{id} [get]
+// @Router /api/users/{id} [get]
 func (uc *UserController) getUserHandler(c *gin.Context) {
 	user, err := uc.userService.GetUser(c.Param("id"))
 	if err != nil {
@@ -146,7 +146,7 @@ func (uc *UserController) getUserHandler(c *gin.Context) {
 // @Description Retrieve information about the currently authenticated user
 // @Tags Users
 // @Success 200 {object} dto.UserDto
-// @Router /users/me [get]
+// @Router /api/users/me [get]
 func (uc *UserController) getCurrentUserHandler(c *gin.Context) {
 	user, err := uc.userService.GetUser(c.GetString("userID"))
 	if err != nil {
@@ -169,7 +169,7 @@ func (uc *UserController) getCurrentUserHandler(c *gin.Context) {
 // @Tags Users
 // @Param id path string true "User ID"
 // @Success 204 "No Content"
-// @Router /users/{id} [delete]
+// @Router /api/users/{id} [delete]
 func (uc *UserController) deleteUserHandler(c *gin.Context) {
 	if err := uc.userService.DeleteUser(c.Param("id")); err != nil {
 		c.Error(err)
@@ -185,7 +185,7 @@ func (uc *UserController) deleteUserHandler(c *gin.Context) {
 // @Tags Users
 // @Param user body dto.UserCreateDto true "User information"
 // @Success 201 {object} dto.UserDto
-// @Router /users [post]
+// @Router /api/users [post]
 func (uc *UserController) createUserHandler(c *gin.Context) {
 	var input dto.UserCreateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -215,7 +215,7 @@ func (uc *UserController) createUserHandler(c *gin.Context) {
 // @Param id path string true "User ID"
 // @Param user body dto.UserCreateDto true "User information"
 // @Success 200 {object} dto.UserDto
-// @Router /users/{id} [put]
+// @Router /api/users/{id} [put]
 func (uc *UserController) updateUserHandler(c *gin.Context) {
 	uc.updateUser(c, false)
 }
@@ -226,7 +226,7 @@ func (uc *UserController) updateUserHandler(c *gin.Context) {
 // @Tags Users
 // @Param user body dto.UserCreateDto true "User information"
 // @Success 200 {object} dto.UserDto
-// @Router /users/me [put]
+// @Router /api/users/me [put]
 func (uc *UserController) updateCurrentUserHandler(c *gin.Context) {
 	if uc.appConfigService.DbConfig.AllowOwnAccountEdit.Value != "true" {
 		c.Error(&common.AccountEditNotAllowedError{})
@@ -242,7 +242,7 @@ func (uc *UserController) updateCurrentUserHandler(c *gin.Context) {
 // @Produce image/png
 // @Param id path string true "User ID"
 // @Success 200 {file} binary "PNG image"
-// @Router /users/{id}/profile-picture.png [get]
+// @Router /api/users/{id}/profile-picture.png [get]
 func (uc *UserController) getUserProfilePictureHandler(c *gin.Context) {
 	userID := c.Param("id")
 
@@ -266,7 +266,7 @@ func (uc *UserController) getUserProfilePictureHandler(c *gin.Context) {
 // @Param id path string true "User ID"
 // @Param file formData file true "Profile picture image file (PNG, JPG, or JPEG)"
 // @Success 204 "No Content"
-// @Router /users/{id}/profile-picture [put]
+// @Router /api/users/{id}/profile-picture [put]
 func (uc *UserController) updateUserProfilePictureHandler(c *gin.Context) {
 	userID := c.Param("id")
 	fileHeader, err := c.FormFile("file")
@@ -297,7 +297,7 @@ func (uc *UserController) updateUserProfilePictureHandler(c *gin.Context) {
 // @Produce json
 // @Param file formData file true "Profile picture image file (PNG, JPG, or JPEG)"
 // @Success 204 "No Content"
-// @Router /users/me/profile-picture [put]
+// @Router /api/users/me/profile-picture [put]
 func (uc *UserController) updateCurrentUserProfilePictureHandler(c *gin.Context) {
 	userID := c.GetString("userID")
 	fileHeader, err := c.FormFile("file")
@@ -346,7 +346,7 @@ func (uc *UserController) createOneTimeAccessTokenHandler(c *gin.Context, own bo
 // @Param id path string true "User ID"
 // @Param body body dto.OneTimeAccessTokenCreateDto true "Token options"
 // @Success 201 {object} object "{ \"token\": \"string\" }"
-// @Router /users/{id}/one-time-access-token [post]
+// @Router /api/users/{id}/one-time-access-token [post]
 func (uc *UserController) createOwnOneTimeAccessTokenHandler(c *gin.Context) {
 	uc.createOneTimeAccessTokenHandler(c, true)
 }
@@ -377,7 +377,7 @@ func (uc *UserController) requestOneTimeAccessEmailHandler(c *gin.Context) {
 // @Tags Users
 // @Param token path string true "One-time access token"
 // @Success 200 {object} dto.UserDto
-// @Router /one-time-access-token/{token} [post]
+// @Router /api/one-time-access-token/{token} [post]
 func (uc *UserController) exchangeOneTimeAccessTokenHandler(c *gin.Context) {
 	user, token, err := uc.userService.ExchangeOneTimeAccessToken(c.Param("token"), c.ClientIP(), c.Request.UserAgent())
 	if err != nil {
@@ -403,7 +403,7 @@ func (uc *UserController) exchangeOneTimeAccessTokenHandler(c *gin.Context) {
 // @Description Generate setup access token for initial admin user configuration
 // @Tags Users
 // @Success 200 {object} dto.UserDto
-// @Router /one-time-access-token/setup [post]
+// @Router /api/one-time-access-token/setup [post]
 func (uc *UserController) getSetupAccessTokenHandler(c *gin.Context) {
 	user, token, err := uc.userService.SetupInitialAdmin()
 	if err != nil {
@@ -431,7 +431,7 @@ func (uc *UserController) getSetupAccessTokenHandler(c *gin.Context) {
 // @Param id path string true "User ID"
 // @Param groups body dto.UserUpdateUserGroupDto true "User group IDs"
 // @Success 200 {object} dto.UserDto
-// @Router /users/{id}/user-groups [put]
+// @Router /api/users/{id}/user-groups [put]
 func (uc *UserController) updateUserGroups(c *gin.Context) {
 	var input dto.UserUpdateUserGroupDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -491,7 +491,7 @@ func (uc *UserController) updateUser(c *gin.Context, updateOwnUser bool) {
 // @Produce json
 // @Param id path string true "User ID"
 // @Success 204 "No Content"
-// @Router /users/{id}/profile-picture [delete]
+// @Router /api/users/{id}/profile-picture [delete]
 func (uc *UserController) resetUserProfilePictureHandler(c *gin.Context) {
 	userID := c.Param("id")
 
@@ -509,7 +509,7 @@ func (uc *UserController) resetUserProfilePictureHandler(c *gin.Context) {
 // @Tags Users
 // @Produce json
 // @Success 204 "No Content"
-// @Router /users/me/profile-picture [delete]
+// @Router /api/users/me/profile-picture [delete]
 func (uc *UserController) resetCurrentUserProfilePictureHandler(c *gin.Context) {
 	userID := c.GetString("userID")
 
diff --git a/backend/internal/controller/user_group_controller.go b/backend/internal/controller/user_group_controller.go
index 4f2e22e2..da8bd34c 100644
--- a/backend/internal/controller/user_group_controller.go
+++ b/backend/internal/controller/user_group_controller.go
@@ -45,7 +45,7 @@ type UserGroupController struct {
 // @Param sort_column query string false "Column to sort by" default("name")
 // @Param sort_direction query string false "Sort direction (asc or desc)" default("asc")
 // @Success 200 {object} dto.Paginated[dto.UserGroupDtoWithUserCount]
-// @Router /user-groups [get]
+// @Router /api/user-groups [get]
 func (ugc *UserGroupController) list(c *gin.Context) {
 	searchTerm := c.Query("search")
 	var sortedPaginationRequest utils.SortedPaginationRequest
@@ -91,7 +91,7 @@ func (ugc *UserGroupController) list(c *gin.Context) {
 // @Param id path string true "User Group ID"
 // @Success 200 {object} dto.UserGroupDtoWithUsers
 // @Security BearerAuth
-// @Router /user-groups/{id} [get]
+// @Router /api/user-groups/{id} [get]
 func (ugc *UserGroupController) get(c *gin.Context) {
 	group, err := ugc.UserGroupService.Get(c.Param("id"))
 	if err != nil {
@@ -117,7 +117,7 @@ func (ugc *UserGroupController) get(c *gin.Context) {
 // @Param userGroup body dto.UserGroupCreateDto true "User group information"
 // @Success 201 {object} dto.UserGroupDtoWithUsers "Created user group"
 // @Security BearerAuth
-// @Router /user-groups [post]
+// @Router /api/user-groups [post]
 func (ugc *UserGroupController) create(c *gin.Context) {
 	var input dto.UserGroupCreateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -150,7 +150,7 @@ func (ugc *UserGroupController) create(c *gin.Context) {
 // @Param userGroup body dto.UserGroupCreateDto true "User group information"
 // @Success 200 {object} dto.UserGroupDtoWithUsers "Updated user group"
 // @Security BearerAuth
-// @Router /user-groups/{id} [put]
+// @Router /api/user-groups/{id} [put]
 func (ugc *UserGroupController) update(c *gin.Context) {
 	var input dto.UserGroupCreateDto
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -182,7 +182,7 @@ func (ugc *UserGroupController) update(c *gin.Context) {
 // @Param id path string true "User Group ID"
 // @Success 204 "No Content"
 // @Security BearerAuth
-// @Router /user-groups/{id} [delete]
+// @Router /api/user-groups/{id} [delete]
 func (ugc *UserGroupController) delete(c *gin.Context) {
 	if err := ugc.UserGroupService.Delete(c.Param("id")); err != nil {
 		c.Error(err)
@@ -202,7 +202,7 @@ func (ugc *UserGroupController) delete(c *gin.Context) {
 // @Param users body dto.UserGroupUpdateUsersDto true "List of user IDs to assign to this group"
 // @Success 200 {object} dto.UserGroupDtoWithUsers
 // @Security BearerAuth
-// @Router /user-groups/{id}/users [put]
+// @Router /api/user-groups/{id}/users [put]
 func (ugc *UserGroupController) updateUsers(c *gin.Context) {
 	var input dto.UserGroupUpdateUsersDto
 	if err := c.ShouldBindJSON(&input); err != nil {