diff --git a/ui/src/api/queries/commands.ts b/ui/src/api/queries/commands.ts
index 2f039603..b761e80e 100644
--- a/ui/src/api/queries/commands.ts
+++ b/ui/src/api/queries/commands.ts
@@ -1,5 +1,6 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { api } from '../client'
+import { useAuthStore } from '../../auth/auth-store'
 
 // ── Application Config ────────────────────────────────────────────────────
 
@@ -14,11 +15,20 @@ export interface ApplicationConfig {
   tracedProcessors: Record<string, string>
 }
 
+/** Authenticated fetch using the JWT from auth store */
+function authFetch(url: string, init?: RequestInit): Promise<Response> {
+  const token = useAuthStore.getState().accessToken
+  const headers = new Headers(init?.headers)
+  if (token) headers.set('Authorization', `Bearer ${token}`)
+  headers.set('X-Cameleer-Protocol-Version', '1')
+  return fetch(url, { ...init, headers })
+}
+
 export function useApplicationConfig(application: string | undefined) {
   return useQuery({
     queryKey: ['applicationConfig', application],
     queryFn: async () => {
-      const res = await fetch(`/api/v1/config/${application}`)
+      const res = await authFetch(`/api/v1/config/${application}`)
       if (!res.ok) throw new Error('Failed to fetch config')
       return res.json() as Promise<ApplicationConfig>
     },
@@ -30,7 +40,7 @@ export function useUpdateApplicationConfig() {
   const queryClient = useQueryClient()
   return useMutation({
     mutationFn: async (config: ApplicationConfig) => {
-      const res = await fetch(`/api/v1/config/${config.application}`, {
+      const res = await authFetch(`/api/v1/config/${config.application}`, {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify(config),