diff --git a/src/api/server.js b/src/api/server.js
index 2b2c26e..5730b99 100644
--- a/src/api/server.js
+++ b/src/api/server.js
@@ -22,6 +22,8 @@ app.use(cors());
 app.use(bodyParser.json({ limit: '1mb' })); // Added body parser size limit

 // Basic authentication - only if credentials are set
+// Commenting out API-level Basic Auth as Caddy reverse proxy will handle it.
+/*
 if (USERNAME && PASSWORD) {
 app.use(basicAuth({
 users: { [USERNAME]: PASSWORD },
@@ -35,6 +37,7 @@ if (USERNAME && PASSWORD) {
 // A better approach for production would be to throw an error and exit:
 // throw new Error('Admin credentials not configured');
 }
+*/

 // Helper function for filename validation and path construction
 function getSafeFilePath(filename) {
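Review bot: With the `basicAuth` block wrapped in `/*` (this hunk) and `*/` (second hunk), the Express app no longer authenticates any request itself, so every route is open to any client that can reach the Node listener without going through Caddy, and the `app.use(cors())` in the hunk heading appears to leave cross-origin access unrestricted as well. Nothing visible here forces traffic through the proxy; the listen call and the middle of the `if (USERNAME && PASSWORD)` block are outside both hunks, so confirm the server binds only to loopback or a private interface (for example a host argument such as `'127.0.0.1'` on the listen call) and that the port is not published. Instead of commenting the code out, keep it behind an explicit opt-out so a deployment without the proxy fails closed, e.g. `if (USERNAME && PASSWORD && process.env.AUTH_HANDLED_BY_PROXY !== 'true') {` (variable name is illustrative). If the block does stay disabled, the added comment should say where the proxy auth is configured and what network restriction it depends on, e.g. `// Auth is enforced by the Caddy reverse proxy; this listener must not be reachable except through it.`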