diff --git a/internal/client-go/api_identity.go b/internal/client-go/api_identity.go
index da484ae8ba99..973bd75575b6 100644
--- a/internal/client-go/api_identity.go
+++ b/internal/client-go/api_identity.go
@@ -504,6 +504,20 @@ func (a *IdentityApiService) CreateRecoveryCodeForIdentityExecute(r IdentityApiA
 	}
 	// body params
 	localVarPostBody = r.createRecoveryCodeForIdentityBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return localVarReturnValue, nil, err
@@ -642,6 +656,20 @@ func (a *IdentityApiService) CreateRecoveryLinkForIdentityExecute(r IdentityApiA
 	}
 	// body params
 	localVarPostBody = r.createRecoveryLinkForIdentityBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return localVarReturnValue, nil, err
@@ -1045,6 +1073,20 @@ func (a *IdentityApiService) DisableSessionExecute(r IdentityApiApiDisableSessio
 	if localVarHTTPHeaderAccept != "" {
 		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
 	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return nil, err
diff --git a/internal/httpclient/api_identity.go b/internal/httpclient/api_identity.go
index da484ae8ba99..973bd75575b6 100644
--- a/internal/httpclient/api_identity.go
+++ b/internal/httpclient/api_identity.go
@@ -504,6 +504,20 @@ func (a *IdentityApiService) CreateRecoveryCodeForIdentityExecute(r IdentityApiA
 	}
 	// body params
 	localVarPostBody = r.createRecoveryCodeForIdentityBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return localVarReturnValue, nil, err
@@ -642,6 +656,20 @@ func (a *IdentityApiService) CreateRecoveryLinkForIdentityExecute(r IdentityApiA
 	}
 	// body params
 	localVarPostBody = r.createRecoveryLinkForIdentityBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return localVarReturnValue, nil, err
@@ -1045,6 +1073,20 @@ func (a *IdentityApiService) DisableSessionExecute(r IdentityApiApiDisableSessio
 	if localVarHTTPHeaderAccept != "" {
 		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
 	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["oryAccessToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return nil, err
diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
index c33c007fc80f..d08239517c4d 100644
--- a/selfservice/strategy/code/strategy_recovery.go
+++ b/selfservice/strategy/code/strategy_recovery.go
@@ -139,6 +139,9 @@ type recoveryCodeForIdentity struct {
 //
 //	Schemes: http, https
 //
+//	Security:
+//		oryAccessToken:
+//
 //	Responses:
 //		201: recoveryCodeForIdentity
 //		400: errorGeneric
diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go
index 6c6c20106065..9de1ff5b7889 100644
--- a/selfservice/strategy/link/strategy_recovery.go
+++ b/selfservice/strategy/link/strategy_recovery.go
@@ -130,6 +130,9 @@ type recoveryLinkForIdentity struct {
 //
 //	Schemes: http, https
 //
+//	Security:
+//	  oryAccessToken:
+//
 //	Responses:
 //	  200: recoveryLinkForIdentity
 //	  400: errorGeneric
diff --git a/session/handler.go b/session/handler.go
index db5e284e378d..7fd773c1d117 100644
--- a/session/handler.go
+++ b/session/handler.go
@@ -465,11 +465,14 @@ type disableSession struct {
 //
 //	Schemes: http, https
 //
+//	Security:
+//		oryAccessToken:
+//
 //	Responses:
-//	  204: emptyResponse
-//	  400: errorGeneric
-//	  401: errorGeneric
-//	  default: errorGeneric
+//		204: emptyResponse
+//		400: errorGeneric
+//		401: errorGeneric
+//		default: errorGeneric
 func (h *Handler) disableSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	sID, err := uuid.FromString(ps.ByName("id"))
 	if err != nil {
diff --git a/spec/api.json b/spec/api.json
index 0f5ca52e110f..79eb568076f5 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -3841,6 +3841,11 @@
             "description": "errorGeneric"
           }
         },
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "summary": "Create a Recovery Code",
         "tags": [
           "identity"
@@ -3903,6 +3908,11 @@
             "description": "errorGeneric"
           }
         },
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "summary": "Create a Recovery Link",
         "tags": [
           "identity"
@@ -4044,6 +4054,11 @@
             "description": "errorGeneric"
           }
         },
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "summary": "Deactivate a Session",
         "tags": [
           "identity"
diff --git a/spec/swagger.json b/spec/swagger.json
index 0ce12c8bf903..c9629b342f40 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -660,6 +660,11 @@
     },
     "/admin/recovery/code": {
       "post": {
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "description": "This endpoint creates a recovery code which should be given to the user in order for them to recover\n(or activate) their account.",
         "consumes": [
           "application/json"
@@ -715,6 +720,11 @@
     },
     "/admin/recovery/link": {
       "post": {
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.",
         "consumes": [
           "application/json"
@@ -902,6 +912,11 @@
         }
       },
       "delete": {
+        "security": [
+          {
+            "oryAccessToken": []
+          }
+        ],
         "description": "Calling this endpoint deactivates the specified session. Session data is not deleted.",
         "schemes": [
           "http",