diff --git a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/EnvelopeGenerator.Server.csproj b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/EnvelopeGenerator.Server.csproj
index 62f114a9..c27b4247 100644
--- a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/EnvelopeGenerator.Server.csproj
+++ b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/EnvelopeGenerator.Server.csproj
@@ -42,6 +42,7 @@
     <PackageReference Include="System.DirectoryServices" Version="8.0.0" />
     <PackageReference Include="System.DirectoryServices.AccountManagement" Version="8.0.1" />
     <PackageReference Include="System.DirectoryServices.Protocols" Version="8.0.1" />
+    <PackageReference Include="Yarp.ReverseProxy" Version="2.3.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs
index 8fe5acf8..0ed711b3 100644
--- a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs
+++ b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs
@@ -32,6 +32,9 @@ try
 {
     var builder = WebApplication.CreateBuilder(args);
 
+    // Load YARP configuration from yarp.json
+    builder.Configuration.AddJsonFile("yarp.json", optional: true, reloadOnChange: true);
+
     builder.Logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
 
     if (!builder.Environment.IsDevelopment())
@@ -53,6 +56,10 @@ try
     builder.Services.AddControllers();
     builder.Services.AddHttpClient();
 
+    // YARP Reverse Proxy (for forwarding auth requests to AuthHub)
+    builder.Services.AddReverseProxy()
+        .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
+
     // HttpContextAccessor needed for SSR HttpClient configuration
     builder.Services.AddHttpContextAccessor();
 
@@ -370,6 +377,9 @@ try
     // API Controllers (map before Blazor routing)
     app.MapControllers();
 
+    // YARP Reverse Proxy - forwards unmatched requests to configured backends
+    app.MapReverseProxy();
+
     // Blazor routing
     app.MapRazorComponents<App>()
         .AddInteractiveServerRenderMode()
diff --git a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/yarp.json b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/yarp.json
index 63b6fb2e..d5bd365b 100644
--- a/EnvelopeGenerator.Server/EnvelopeGenerator.Server/yarp.json
+++ b/EnvelopeGenerator.Server/EnvelopeGenerator.Server/yarp.json
@@ -1,39 +1,39 @@
 {
   "ReverseProxy": {
     "Routes": {
-      "api-route": {
-        "ClusterId": "api-cluster",
+      "auth-login": {
+        "ClusterId": "auth-hub",
         "Match": {
-          "Path": "/api/{**catch-all}"
-        }
+          "Path": "/api/auth",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathSet": "/api/auth/sign-flow" }
+        ]
       },
-      "swagger-route": {
-        "ClusterId": "api-cluster",
+      "auth-envelope-receiver-login": {
+        "ClusterId": "auth-hub",
         "Match": {
-          "Path": "/swagger/{**catch-all}"
-        }
-      },
-      "openapi-route": {
-        "ClusterId": "api-cluster",
-        "Match": {
-          "Path": "/openapi/{**catch-all}"
-        }
-      },
-      "scalar-route": {
-        "ClusterId": "api-cluster",
-        "Match": {
-          "Path": "/scalar/{**catch-all}"
-        }
+          "Path": "/api/Auth/envelope-receiver/{key}",
+          "Methods": [ "POST" ]
+        },
+        "Transforms": [
+          { "PathPattern": "/api/auth/envelope-receiver/{key}" },
+          {
+            "QueryValueParameter": "cookie",
+            "Set": "true"
+          }
+        ]
       }
     },
     "Clusters": {
-      "api-cluster": {
+      "auth-hub": {
         "Destinations": {
-          "api-destination": {
-            "Address": "https://localhost:8088"
+          "primary": {
+            "Address": "https://localhost:9090"
           }
         }
       }
     }
   }
-}
+}
\ No newline at end of file