diff --git a/src/server.js b/src/server.js
index ee883da..842bf8e 100644
--- a/src/server.js
+++ b/src/server.js
@@ -141,9 +141,6 @@ const authenticate = (req, res, next) => {
   next();
 };
 
-// Apply authentication to all routes
-app.use(authenticate);
-
 // Helper function to handle YouTube enhanced errors
 function handleYouTubeError(error, res, defaultMessage = 'Operation failed') {
   if (error.isEnhanced && error.details) {
@@ -152,11 +149,14 @@ function handleYouTubeError(error, res, defaultMessage = 'Operation failed') {
   return res.status(500).json({ error: error.message || defaultMessage });
 }
 
-// Serve static files (HTML interface)
+// Serve static files (HTML interface) - BEFORE authentication to allow public access
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 app.use(express.static(path.join(__dirname, '../public')));
 
+// Apply authentication to all API routes (static files above are exempt)
+app.use(authenticate);
+
 // Serve downloaded files
 app.use('/files', express.static(OUTPUT_DIR));