diff --git a/src/main/java/com/productdock/adapter/in/web/GetBookApi.java b/src/main/java/com/productdock/adapter/in/web/GetBookApi.java
index 5ab79fa..3a53db9 100644
--- a/src/main/java/com/productdock/adapter/in/web/GetBookApi.java
+++ b/src/main/java/com/productdock/adapter/in/web/GetBookApi.java
@@ -9,7 +9,7 @@
 @Slf4j
 @RestController
-@RequestMapping("/api/catalog/books")
+@RequestMapping({"/api/catalog/books", "/api/catalog/internal/books"})
 record GetBookApi(GetBookQuery getBookQuery, GetBookDtoMapper getBookDtoMapper) {
 @GetMapping("/{bookId}")
diff --git a/src/main/java/com/productdock/adapter/out/web/RentalsApiClient.java b/src/main/java/com/productdock/adapter/out/web/RentalsApiClient.java
index 7cf12db..0b5e7f0 100644
--- a/src/main/java/com/productdock/adapter/out/web/RentalsApiClient.java
+++ b/src/main/java/com/productdock/adapter/out/web/RentalsApiClient.java
@@ -27,7 +27,7 @@ public class RentalsApiClient implements RentalsClient {
 private ObjectMapper objectMapper = new ObjectMapper();
- public RentalsApiClient(@Value("${rental.service.url}/api/rental/book/") String rentalsServiceUrl) {
+ public RentalsApiClient(@Value("${rental.service.url}/api/rental/books/") String rentalsServiceUrl) {
 this.rentalsServiceUrl = rentalsServiceUrl;
 }
diff --git a/src/main/java/com/productdock/config/SecurityConfig.java b/src/main/java/com/productdock/config/SecurityConfig.java
index 4718de3..c9a194a 100644
--- a/src/main/java/com/productdock/config/SecurityConfig.java
+++ b/src/main/java/com/productdock/config/SecurityConfig.java
@@ -16,7 +16,7 @@
 @RequiredArgsConstructor
 @Configuration
 public class SecurityConfig {
-
+
 private static final String ROLE_ADMIN = "SCOPE_ROLE_ADMIN";
 @Value("${jwt.public.key}")
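Review bot: In GetBookApi.java the class-level `@RequestMapping({"/api/catalog/books", "/api/catalog/internal/books"})` puts every handler of the record, including ones added later, on the internal prefix, and the SecurityConfig change in this commit permits that prefix without a JWT. A comment above the annotation would make that visible at the place where handlers get added: `// Also served under /api/catalog/internal/books, which SecurityConfig permits without authentication; any handler added here is unauthenticated on that prefix.` A separate controller that maps only the handlers meant for internal callers would avoid the inheritance altogether. The record's body continues outside the hunk, so which other handlers it already holds is not visible here.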
@@ -27,6 +27,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 http.authorizeRequests(authorize -> authorize.antMatchers("/actuator/**").permitAll()
 .antMatchers(HttpMethod.POST, "/api/catalog/books").hasAuthority(ROLE_ADMIN)
 .antMatchers(HttpMethod.DELETE, "/api/catalog/books/{bookId}").hasAuthority(ROLE_ADMIN)
+ .antMatchers("/api/catalog/internal/**").permitAll()
 .anyRequest().authenticated())
 .cors().and()
 .oauth2ResourceServer().jwt();
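Review bot: The added `.antMatchers("/api/catalog/internal/**").permitAll()` rule has no HTTP method and a `**` wildcard, so every request under the internal prefix skips the JWT check, not only the book lookup that GetBookApi maps there. Nothing in the diff shows what keeps this prefix unreachable from outside the deployment; if a gateway or ingress rule is supposed to do that, the assumption belongs in a comment next to the matcher. Narrowing the rule to what is actually served limits the exposure if that outer control is missing: `.antMatchers(HttpMethod.GET, "/api/catalog/internal/books/{bookId}").permitAll()`. Where the callers are other services, a service-to-service token checked with `hasAuthority(...)` would be stronger than `permitAll()`. The body of securityFilterChain starts before the hunk.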