diff --git a/src/main/java/net/siegeln/cameleer/saas/config/ForwardAuthController.java b/src/main/java/net/siegeln/cameleer/saas/config/ForwardAuthController.java
new file mode 100644
index 0000000..0609155
--- /dev/null
+++ b/src/main/java/net/siegeln/cameleer/saas/config/ForwardAuthController.java
@@ -0,0 +1,43 @@
+package net.siegeln.cameleer.saas.config;
+
+import net.siegeln.cameleer.saas.auth.JwtService;
+import net.siegeln.cameleer.saas.tenant.TenantService;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+@RestController
+public class ForwardAuthController {
+
+    private final JwtService jwtService;
+    private final TenantService tenantService;
+
+    public ForwardAuthController(JwtService jwtService, TenantService tenantService) {
+        this.jwtService = jwtService;
+        this.tenantService = tenantService;
+    }
+
+    @GetMapping("/auth/verify")
+    public ResponseEntity<Void> verify(HttpServletRequest request) {
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            return ResponseEntity.status(401).build();
+        }
+
+        String token = authHeader.substring(7);
+
+        if (jwtService.isTokenValid(token)) {
+            String email = jwtService.extractEmail(token);
+            var userId = jwtService.extractUserId(token);
+
+            return ResponseEntity.ok()
+                    .header("X-User-Id", userId.toString())
+                    .header("X-User-Email", email)
+                    .build();
+        }
+
+        return ResponseEntity.status(401).build();
+    }
+}