diff --git a/internal/api/middleware/auth.go b/internal/api/middleware/auth.go
index 4a1a689..164d8fb 100644
--- a/internal/api/middleware/auth.go
+++ b/internal/api/middleware/auth.go
@@ -35,6 +35,15 @@ var WhitelistedEndpoints = []*regexp.Regexp{
 func Auth(authService *service.AuthService, logger *zap.Logger) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Check if this is the /dicomWeb/studies POST request which should bypass auth
+ if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
+ logger.Info("Bypassing authentication for DICOM upload endpoint",
+ zap.String("path", r.URL.Path),
+ zap.String("method", r.Method))
+ next.ServeHTTP(w, r)
+ return
+ }
+
 // Get authorization header
 authHeader := r.Header.Get("Authorization")
 if authHeader == "" {
@@ -136,6 +145,15 @@ func RoleRequired(roles ...string) func(http.Handler) http.Handler {
 func PatientViewRestriction(logger *zap.Logger) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Check if this is the /dicomWeb/studies POST request which should bypass restrictions
+ if r.URL.Path == "/dicomWeb/studies" && r.Method == http.MethodPost {
+ logger.Info("Bypassing patient view restriction for DICOM upload endpoint",
+ zap.String("path", r.URL.Path),
+ zap.String("method", r.Method))
+ next.ServeHTTP(w, r)
+ return
+ }
+
 // Get claims from context using the defined key
 claimsValue := r.Context().Value(ClaimsKey)
 if claimsValue == nil {
diff --git a/internal/api/routes.go b/internal/api/routes.go
index db2292e..36257e4 100644
--- a/internal/api/routes.go
+++ b/internal/api/routes.go
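Review bot: The guard added at the top of Auth's handler hands any `POST /dicomWeb/studies` request to `next.ServeHTTP` before the Authorization header is even read, so the upload path becomes reachable by any client that can reach the API, not just the pydicom-uploader service named in the comment; PatientViewRestriction in the second hunk repeats the same exemption. Exempting a path is not the same as authenticating a service: the uploader should present its own credential (a service token the existing authService can validate, or mTLS/allow-listing at the ingress) and this branch should verify that credential rather than skip verification, and the per-request Info log should at least carry `zap.String("remote", r.RemoteAddr)` so the exempted traffic is attributable in the audit trail. If a path exemption is still what is wanted, `WhitelistedEndpoints` is declared just above this function and looks like the existing place for it, which would avoid two hard-coded copies of the path and method in one file — how that list is consulted is outside the hunk, so worth confirming. Both handler bodies continue past their hunks.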
@@ -134,6 +134,9 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
 
 // Query routes - accessible by all roles
 r.Get("/", dicomHandler.ForwardRequest) // Study list with filters
+
+ // DICOM upload endpoint - for pydicom-uploader service
+ r.Post("/", dicomHandler.ForwardRequest) // Upload studies
 })
 
 // Expertise doctors have full access to all DICOM endpoints
@@ -159,7 +162,7 @@ func SetupRouter(cfg *config.Config, logger *zap.Logger) http.Handler {
 pydicomHandler := handlers.NewPydicomHandler(logger, shortLinkService, registerService)
 
 // Add route for uploaded DICOM
- r.Post("/uploaded_dicom", pydicomHandler.HandleUploadedDicom)
+ r.Post("/uploaded-dicom", pydicomHandler.HandleUploadedDicom)
 })
 
 return r
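Review bot: The new `r.Post("/", dicomHandler.ForwardRequest)` adds a write operation to a group whose comment still reads "Query routes - accessible by all roles" and reuses the read-path proxy handler, so nothing on this route bounds the request body of what the middleware hunk in this commit otherwise makes an auth-exempt upload path (whether this group is mounted at /dicomWeb/studies is outside the hunk). Consider a thin wrapper that sets `req.Body = http.MaxBytesReader(w, req.Body, maxDicomUploadBytes)` (a limit constant of your choosing) before delegating to ForwardRequest, and update the group comment to say the route also accepts uploads and is exempt from Auth so the next reader does not take "all roles" to mean "authenticated roles". The second hunk renames `/uploaded_dicom` to `/uploaded-dicom` without keeping the old path, which breaks any client still posting to the underscore form unless both are registered for a transition period. SetupRouter begins and ends outside both hunks.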