diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
index 33f21a373..f0d82e60d 100644
--- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php
+++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
@@ -48,13 +48,6 @@ class mfBaseApicontroller {
 			$this->init();
 		}
     
-    if($this->requireAuth) {
-      $this->authenticateUser();
-      if(method_exists($this,"authenticated")) {
-        $this->authenticated();
-      }
-    }
-    
     // Apicontroller should add allowed hostnames with $this->addAllowedOrigin()
     $this->createCorsHeaders();
     
@@ -64,6 +57,15 @@ class mfBaseApicontroller {
       $this->return(mfResponse::Ok());
     }
     
+    if($this->requireAuth) {
+      $this->authenticateUser();
+      if(method_exists($this,"authenticated")) {
+        $this->authenticated();
+      }
+    }
+    
+    
+    
     // route to action
     $this->route = $params['apicall'].((array_key_exists("apiparams", $params)) ? $params['apiparams'] : "");
     $responseData = $this->runRoute($this->route);