diff --git a/app/routers/admin.py b/app/routers/admin.py
index 2c67ca2..431dc07 100644
--- a/app/routers/admin.py
+++ b/app/routers/admin.py
@@ -24,8 +24,8 @@ router = APIRouter(prefix="/admin", tags=["admin"])
 ADMIN_API_KEY = "Platform-Admin-2024!"   # in prod: from secret/env
 
 
-def _require_admin(x_admin_key: str = Header(...)):
-    if x_admin_key != ADMIN_API_KEY:
+def _require_admin(x_admin_key: Optional[str] = Header(default=None)):
+    if not x_admin_key or x_admin_key != ADMIN_API_KEY:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")