diff --git a/bento_beacon/network/utils.py b/bento_beacon/network/utils.py
index 9a867bd..b7a26e8 100644
--- a/bento_beacon/network/utils.py
+++ b/bento_beacon/network/utils.py
@@ -48,7 +48,7 @@ def info_for_host_beacon():
             "variants": bento_overview.get("counts", {}).get("variants", {}),
             **biosample_and_experiment_stats,
         },
-        "querySections": get_katsu_config_search_fields().get("sections", []),
+        "querySections": get_katsu_config_search_fields(requires_auth="full").get("sections", []),
     }
 
 
diff --git a/bento_beacon/utils/katsu_utils.py b/bento_beacon/utils/katsu_utils.py
index 7839553..8dcea91 100644
--- a/bento_beacon/utils/katsu_utils.py
+++ b/bento_beacon/utils/katsu_utils.py
@@ -131,9 +131,11 @@ def search_from_config(config_filters):
     return response.get("matches", [])
 
 
-def get_katsu_config_search_fields():
-    # Use forwarded auth for getting available search fields, which may be limited based on access level
-    fields = katsu_get(current_app.config["KATSU_PUBLIC_CONFIG_ENDPOINT"], requires_auth="forwarded")
+def get_katsu_config_search_fields(requires_auth="forwarded"):
+    # standard forwarded auth for normal beacon requests
+    # "full" auth for beacon network init, which does not have a request context
+    # any network-specific search field censorship should be managed at the token level (or here)
+    fields = katsu_get(current_app.config["KATSU_PUBLIC_CONFIG_ENDPOINT"], requires_auth=requires_auth)
     current_app.config["KATSU_CONFIG_SEARCH_FIELDS"] = fields
     return fields