diff --git a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
index 4a906fd5c8138..7cd0f31c42d08 100644
--- a/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
+++ b/airflow/api_fastapi/core_api/openapi/v1-generated.yaml
@@ -56,6 +56,8 @@ paths: application/json: schema: $ref: '#/components/schemas/HTTPExceptionResponse' + security: + - OAuth2PasswordBearer: [] /ui/dags/recent_dag_runs: get: tags:
diff --git a/airflow/api_fastapi/core_api/routes/ui/config.py b/airflow/api_fastapi/core_api/routes/ui/config.py
index a74e7911c2db5..23ac101578424 100644
--- a/airflow/api_fastapi/core_api/routes/ui/config.py
+++ b/airflow/api_fastapi/core_api/routes/ui/config.py
@@ -18,11 +18,12 @@
 from typing import Any
-from fastapi import status
+from fastapi import Depends, status
 from airflow.api_fastapi.common.router import AirflowRouter
 from airflow.api_fastapi.core_api.datamodels.ui.config import ConfigResponse
 from airflow.api_fastapi.core_api.openapi.exceptions import create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import requires_access_configuration
 from airflow.configuration import conf
 from airflow.settings import STATE_COLORS
@@ -49,6 +50,7 @@
 @config_router.get(
 "/config",
 responses=create_openapi_http_exception_doc([status.HTTP_404_NOT_FOUND]),
+ dependencies=[Depends(requires_access_configuration("GET"))],
 )
 def get_configs() -> ConfigResponse:
 """Get configs for UI."""
diff --git a/tests/api_fastapi/core_api/routes/ui/test_config.py b/tests/api_fastapi/core_api/routes/ui/test_config.py
index a25c09096457b..d6cd698901603 100644
--- a/tests/api_fastapi/core_api/routes/ui/test_config.py
+++ b/tests/api_fastapi/core_api/routes/ui/test_config.py
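Review bot: In `routes/ui/config.py` the route's `responses=` still lists only `status.HTTP_404_NOT_FOUND`, although with the added `requires_access_configuration("GET")` dependency the endpoint now also answers 401 and 403, which the new tests assert. Documenting them, e.g. `responses=create_openapi_http_exception_doc([status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN, status.HTTP_404_NOT_FOUND]),`, would keep the generated OpenAPI spec in step with the behaviour; the YAML hunk in this commit adds only the `security` entry. It may also be worth confirming that every signed-in UI user is expected to hold configuration read access, since a 403 here would presumably leave the UI without its settings. The body of `get_configs` continues outside the hunk.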
@@ -105,12 +105,21 @@ def mock_config_data():
 yield mock_conf
-def test_get_configs_basic(mock_config_data, test_client):
- """
- Test the /ui/config endpoint to verify response matches mock data.
- """
+class TestGetConfig:
+ def test_should_response_200(self, mock_config_data, test_client):
+ """
+ Test the /ui/config endpoint to verify response matches mock data.
+ """
+
+ response = test_client.get("/ui/config")
+
+ assert response.status_code == 200
+ assert response.json() == mock_config_response
- response = test_client.get("/ui/config")
+ def test_get_config_should_response_401(self, unauthenticated_test_client):
+ response = unauthenticated_test_client.get("/ui/config")
+ assert response.status_code == 401
- assert response.status_code == 200
- assert response.json() == mock_config_response
+ def test_get_config_should_response_403(self, unauthorized_test_client):
+ response = unauthorized_test_client.get("/ui/config")
+ assert response.status_code == 403
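Review bot: The two rejection tests, `test_get_config_should_response_401` and `test_get_config_should_response_403`, check only the status code, so they would still pass if a rejected response ever carried configuration values in its body. Requesting the `mock_config_data` fixture in both and adding `assert response.json() != mock_config_response` would pin that nothing from the config reaches a caller who is not allowed to read it. The method names are also inconsistent with `test_should_response_200` in the same class; dropping the `get_config_` prefix would match it, and a one-line docstring on each would say which client fixture stands for which caller.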