diff --git a/app.py b/app.py
index 23eeb645..2bc6d324 100644
--- a/app.py
+++ b/app.py
@@ -4,6 +4,8 @@ os.environ["NUMEXPR_MAX_THREADS"] = "12"
 from fastapi import FastAPI, HTTPException, Depends, Body, status, Response
 from fastapi.middleware.cors import CORSMiddleware
+from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
+from fastapi.security import HTTPBearer
 from contextlib import asynccontextmanager
@@ -268,8 +270,50 @@ app = FastAPI(
 title="PowerOn | Data Platform API",
 description=f"Backend API for the Multi-Agent Platform by ValueOn AG ({instanceLabel})",
 lifespan=lifespan,
+ swagger_ui_init_oauth={
+ "usePkceWithAuthorizationCodeGrant": True,
+ },
 )
+# Configure OpenAPI security scheme for Swagger UI
+# This adds the "Authorize" button to the /docs page
+security_scheme = HTTPBearer()
+app.openapi_schema = None # Reset schema to regenerate with security
+
+
+def custom_openapi():
+ if app.openapi_schema:
+ return app.openapi_schema
+
+ from fastapi.openapi.utils import get_openapi
+
+ openapi_schema = get_openapi(
+ title=app.title,
+ version="1.0.0",
+ description=app.description,
+ routes=app.routes,
+ )
+
+ # Add security scheme definition
+ openapi_schema["components"]["securitySchemes"] = {
+ "BearerAuth": {
+ "type": "http",
+ "scheme": "bearer",
+ "bearerFormat": "JWT",
+ "description": "Enter your JWT token (obtained from login endpoint or browser cookies)",
+ }
+ }
+
+ # Apply security globally to all endpoints
+ # Individual endpoints can override this if needed
+ openapi_schema["security"] = [{"BearerAuth": []}]
+
+ app.openapi_schema = openapi_schema
+ return app.openapi_schema
+
+
+app.openapi = custom_openapi
+
 # Parse CORS origins from environment variable
 def get_allowed_origins():
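Review bot: `OAuthFlows as OAuthFlowsModel` is imported in the first hunk but not referenced in either hunk of this commit, so it looks unused unless code outside the diff needs it; drop the line if that is the case. `HTTPBearer` is used only to build `security_scheme`, which the second hunk never attaches to the app or to a route.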
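Review bot: The global `openapi_schema["security"] = [{"BearerAuth": []}]` entry and the unused `security_scheme = HTTPBearer()` in the second hunk only change what /docs displays; nothing here makes a route reject a request without a token, so enforcement still rests on per-route dependencies outside the hunk. If a token is meant to be mandatory, attach the scheme where requests are handled, e.g. `dependencies=[Depends(security_scheme)]` together with real JWT verification, since `HTTPBearer` alone only checks that a bearer header is present. Otherwise add a comment such as `# Documentation only: auth is enforced by <dependency>, not by this schema` so the schema is not read as proof of coverage. The assignment to `openapi_schema["components"]["securitySchemes"]` also discards any schemes FastAPI generated from route dependencies and raises KeyError when the schema has no `components`; `openapi_schema.setdefault("components", {}).setdefault("securitySchemes", {})["BearerAuth"] = {...}` merges instead. The `usePkceWithAuthorizationCodeGrant` option appears to have no effect, because the only declared scheme is HTTP bearer rather than an OAuth2 authorization-code flow.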