diff --git a/api/src/config.js b/api/src/config.js
index fc1d5d29..5f3e52cc 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -34,10 +34,15 @@ const env = {
 
     externalProxy: process.env.API_EXTERNAL_PROXY,
 
+    turnstileSitekey: process.env.TURNSTILE_SITEKEY,
     turnstileSecret: process.env.TURNSTILE_SECRET,
     jwtSecret: process.env.JWT_SECRET,
     jwtLifetime: process.env.JWT_EXPIRY || 120,
 
+    sessionEnabled: process.env.TURNSTILE_SITEKEY
+                        && process.env.TURNSTILE_SECRET
+                        && process.env.JWT_SECRET,
+
     enabledServices,
 }
 
diff --git a/api/src/core/api.js b/api/src/core/api.js
index 51ec1697..32bd23ce 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -49,6 +49,7 @@ export const runAPI = (express, app, __dirname) => {
             url: env.apiURL,
             startTime: `${startTimestamp}`,
             durationLimit: env.durationLimit,
+            turnstileSitekey: env.sessionEnabled ? env.turnstileSitekey : undefined,
             services: [...env.enabledServices].map(e => {
                 return friendlyServiceName(e);
             }),
@@ -106,7 +107,7 @@ export const runAPI = (express, app, __dirname) => {
     app.use('/tunnel', apiLimiterStream);
 
     app.post('/', (req, res, next) => {
-        if (!env.turnstileSecret || !env.jwtSecret) {
+        if (!env.sessionEnabled) {
             return next();
         }
 
@@ -156,7 +157,7 @@ export const runAPI = (express, app, __dirname) => {
     });
 
     app.post("/session", async (req, res) => {
-        if (!env.turnstileSecret || !env.jwtSecret) {
+        if (!env.sessionEnabled) {
             return fail(res, "error.api.auth.not_configured")
         }