diff --git a/vibn-frontend/app/api/projects/route.ts b/vibn-frontend/app/api/projects/route.ts
index ffcf749..b4dbe6c 100644
--- a/vibn-frontend/app/api/projects/route.ts
+++ b/vibn-frontend/app/api/projects/route.ts
@@ -1,15 +1,22 @@
 import { NextResponse } from 'next/server';
-import { authSession } from "@/lib/auth/session-server";
-import { query } from '@/lib/db-postgres';
+import { requireWorkspacePrincipal } from "@/lib/auth/workspace-auth";
+import { query, queryOne } from '@/lib/db-postgres';
-export async function GET() {
+export async function GET(request: Request) {
 try {
- const session = await authSession();
- if (!session?.user?.email) {
- return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
- }
+ // 1. Authenticate the Workspace API key or Browser Session
+ const principal = await requireWorkspacePrincipal(request);
+ if (principal instanceof NextResponse) return principal;
- const email = session.user.email;
+ // 2. Fetch user email from principal.userId
+ const userRow = await queryOne<{ data: any }>(
+ `SELECT data FROM fs_users WHERE id = $1 LIMIT 1`,
+ [principal.userId]
+ );
+ const email = userRow?.data?.email;
+ if (!email) {
+ return NextResponse.json({ error: 'User email not found' }, { status: 404 });
+ }
 // Fetch projects joined on user email
 const projects = await query(`
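Review bot: The project lookup still keys on the user's email after the switch to `requireWorkspacePrincipal`, so a request authenticated with a workspace API key appears to receive every project tied to that email rather than only those in the key's own workspace. The query body and the rest of GET lie outside this hunk, so confirm that the SQL also filters on the principal's workspace, and add that predicate if it does not. Separately, `queryOne<{ data: any }>` lets a non-string `email` from the JSON column flow into the projects query unchecked. Type the row as `queryOne<{ data: { email?: unknown } }>` and guard with `if (typeof email !== 'string' || !email) {` before using it.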