diff --git a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
index 5b4f4fc..c6cb6b8 100644
--- a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
+++ b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
@@ -23,7 +23,7 @@ public class SecurityConfig {
             .cors(Customizer.withDefaults())
             .csrf(csrf -> csrf.disable())
             .authorizeHttpRequests(auth -> {
-                auth.requestMatchers("/swagger/**", "/swagger-ui/**", "/health").permitAll()
+                auth.requestMatchers("/webhook", "/swagger/**", "/swagger-ui/**", "/health").permitAll()
                     .anyRequest().authenticated();
                 })
                 .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt ->