diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index bd88a255fa9..15762a23c4f 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -93,7 +93,14 @@ export class App {
             const basicAuthMiddleware = basicAuth({
                 users: { [username]: password }
             })
-            const whitelistURLs = ['/api/v1/public-chatflows', '/api/v1/prediction/', '/api/v1/node-icon/', '/api/v1/chatflows-streaming']
+            const whitelistURLs = [
+                '/api/v1/verify/apikey/',
+                '/api/v1/chatflows/apikey/',
+                '/api/v1/public-chatflows',
+                '/api/v1/prediction/',
+                '/api/v1/node-icon/',
+                '/api/v1/chatflows-streaming'
+            ]
             this.app.use((req, res, next) => {
                 if (req.url.includes('/api/v1/')) {
                     whitelistURLs.some((url) => req.url.includes(url)) ? next() : basicAuthMiddleware(req, res, next)
@@ -187,6 +194,7 @@ export class App {
                     .createQueryBuilder('cf')
                     .where('cf.apikeyid = :apikeyid', { apikeyid: apiKey.id })
                     .orWhere('cf.apikeyid IS NULL')
+                    .orWhere('cf.apikeyid = ""')
                     .orderBy('cf.name', 'ASC')
                     .getMany()
                 if (chatflows.length >= 1) return res.status(200).send(chatflows)
@@ -502,7 +510,7 @@ export class App {
         })
 
         // Verify api key
-        this.app.get('/api/v1/apikey/:apiKey', async (req: Request, res: Response) => {
+        this.app.get('/api/v1/verify/apikey/:apiKey', async (req: Request, res: Response) => {
             try {
                 const apiKey = await getApiKey(req.params.apiKey)
                 if (!apiKey) return res.status(401).send('Unauthorized')