diff --git a/frontend/app/api/products-create/route.ts b/frontend/app/api/products-create/route.ts
index 4bcb114d..55eafe50 100644
--- a/frontend/app/api/products-create/route.ts
+++ b/frontend/app/api/products-create/route.ts
@@ -1,7 +1,15 @@
-import { getAuthHeaders } from '../../lib/auth-headers';
+import { auth } from '../../auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
+async function getAuthHeaders(): Promise<Record<string, string>> {
+  const session = await auth();
+  if (!session?.accessToken) {
+    return {};
+  }
+  return { Authorization: `Bearer ${session.accessToken}` };
+}
+
 export async function POST(req: Request) {
   try {
     const body = await req.json();
diff --git a/frontend/app/api/products-update/[id]/route.ts b/frontend/app/api/products-update/[id]/route.ts
index 4a60f99b..81837983 100644
--- a/frontend/app/api/products-update/[id]/route.ts
+++ b/frontend/app/api/products-update/[id]/route.ts
@@ -1,7 +1,15 @@
-import { getAuthHeaders } from '../../lib/auth-headers';
+import { auth } from '../../../auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
+async function getAuthHeaders(): Promise<Record<string, string>> {
+  const session = await auth();
+  if (!session?.accessToken) {
+    return {};
+  }
+  return { Authorization: `Bearer ${session.accessToken}` };
+}
+
 export async function PATCH(
   req: Request,
   { params }: { params: { id: string } },