diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
index ec87b8e8..eb19802f 100644
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@@ -193,8 +193,10 @@ class SecurityConfig {
                 authorize(GET, "/users/*/header.jpg", permitAll)
 
                 authorize(GET, "/api/v1/accounts/verify_credentials", hasAnyScope("read", "read:accounts"))
+                authorize(GET, "/api/v1/accounts/relationships", hasAnyScope("read", "read:follows"))
                 authorize(GET, "/api/v1/accounts/*", permitAll)
                 authorize(GET, "/api/v1/accounts/*/statuses", permitAll)
+                authorize(POST, "/api/v1/accounts/*/follow", hasAnyScope("write", "write:follows"))
 
                 authorize(POST, "/api/v1/media", hasAnyScope("write", "write:media"))
                 authorize(POST, "/api/v1/statuses", hasAnyScope("write", "write:statuses"))