diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.Api/Program.cs b/TeachingRecordSystem/src/TeachingRecordSystem.Api/Program.cs
index 1e3572ea2..a2ea1d8da 100644
--- a/TeachingRecordSystem/src/TeachingRecordSystem.Api/Program.cs
+++ b/TeachingRecordSystem/src/TeachingRecordSystem.Api/Program.cs
@@ -298,7 +298,9 @@ public static void Main(string[] args)
 
 if (env.IsProduction())
 {
- app.UseRateLimiter();
+ // Apply rate limiting to authenticated endpoints
+ // (i.e. everywhere except health check, status endpoints etc.)
+ app.UseWhen(ctx => ctx.User.Identity?.IsAuthenticated == true, x => x.UseRateLimiter());
 }
 
 app.Use((ctx, next) =>
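Review bot: The predicate on the new `app.UseWhen(...)` line tests whether the request is authenticated, not whether the endpoint requires authentication as the comment says, so anonymous and failed-authentication requests to protected endpoints now skip the rate limiter entirely. The predicate also reads `ctx.User`, which is only populated once the authentication middleware has run; `Main` continues outside this hunk, so the ordering cannot be confirmed here, but if `UseAuthentication()` is registered after this point the condition is always false and production silently loses rate limiting. Consider keeping `app.UseRateLimiter();` global and opting the health and status endpoints out explicitly, for example with `.DisableRateLimiting()` on their endpoint mappings (assuming this is the built-in ASP.NET Core limiter). If the conditional form stays, add a comment such as `// Must run after UseAuthentication(): the predicate reads ctx.User`.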