diff --git a/packages/swift-platform-sdk/Sources/BLAuthClient.swift b/packages/swift-platform-sdk/Sources/BLAuthClient.swift
index 6bb27712..03a0d474 100644
--- a/packages/swift-platform-sdk/Sources/BLAuthClient.swift
+++ b/packages/swift-platform-sdk/Sources/BLAuthClient.swift
@@ -106,7 +106,7 @@ public final class BLAuthClient {
             "password": password,
             "productId": config.productId,
         ]
-        let (data, _) = try await client.rawRequest(path: "/auth/login", method: "POST", body: body)
+        let (data, _) = try await client.rawRequest(path: "/api/auth/login", method: "POST", body: body)
         let result = try JSONDecoder().decode(TokenResponse.self, from: data)
         saveTokens(access: result.accessToken, refresh: result.refreshToken)
         startRefreshTimer()
@@ -121,7 +121,7 @@ public final class BLAuthClient {
             "password": password,
             "productId": config.productId,
         ]
-        let (data, _) = try await client.rawRequest(path: "/auth/register", method: "POST", body: body)
+        let (data, _) = try await client.rawRequest(path: "/api/auth/register", method: "POST", body: body)
         let result = try JSONDecoder().decode(TokenResponse.self, from: data)
         saveTokens(access: result.accessToken, refresh: result.refreshToken)
         startRefreshTimer()
@@ -130,7 +130,7 @@ public final class BLAuthClient {
 
     /// Fetch current user profile.
     public func getMe() async throws -> BLAuthUser {
-        return try await client.request(path: "/auth/me", responseType: BLAuthUser.self)
+        return try await client.request(path: "/api/auth/me", responseType: BLAuthUser.self)
     }
 
     /// Refresh the access token using the stored refresh token.
@@ -140,7 +140,7 @@ public final class BLAuthClient {
         let body = ["refreshToken": rt]
 
         do {
-            let (data, _) = try await client.rawRequest(path: "/auth/refresh", method: "POST", body: body)
+            let (data, _) = try await client.rawRequest(path: "/api/auth/refresh", method: "POST", body: body)
             let result = try JSONDecoder().decode(RefreshResponse.self, from: data)
             saveTokens(access: result.accessToken, refresh: result.refreshToken)
             return true
@@ -155,37 +155,37 @@ public final class BLAuthClient {
     /// Request password reset email.
     public func forgotPassword(email: String) async throws {
         let body = ["email": email, "productId": config.productId]
-        _ = try await client.rawRequest(path: "/auth/forgot-password", method: "POST", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/forgot-password", method: "POST", body: body)
     }
 
     /// Reset password with token.
     public func resetPassword(token: String, newPassword: String) async throws {
         let body = ["token": token, "newPassword": newPassword]
-        _ = try await client.rawRequest(path: "/auth/reset-password", method: "POST", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/reset-password", method: "POST", body: body)
     }
 
     /// Change password (authenticated).
     public func changePassword(currentPassword: String, newPassword: String) async throws {
         let body = ["currentPassword": currentPassword, "newPassword": newPassword]
-        _ = try await client.rawRequest(path: "/auth/change-password", method: "POST", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/change-password", method: "POST", body: body)
     }
 
     /// Verify email with token.
     public func verifyEmail(token: String) async throws {
         let body = ["token": token]
-        _ = try await client.rawRequest(path: "/auth/verify-email", method: "POST", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/verify-email", method: "POST", body: body)
     }
 
     /// Resend verification email.
     public func resendVerification(email: String) async throws {
         let body = ["email": email, "productId": config.productId]
-        _ = try await client.rawRequest(path: "/auth/resend-verification", method: "POST", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/resend-verification", method: "POST", body: body)
     }
 
     /// Delete account (requires password confirmation).
     public func deleteAccount(password: String) async throws {
         let body = ["password": password]
-        _ = try await client.rawRequest(path: "/auth/account", method: "DELETE", body: body)
+        _ = try await client.rawRequest(path: "/api/auth/account", method: "DELETE", body: body)
         logout()
     }
 
diff --git a/packages/swift-platform-sdk/Sources/BLTelemetryClient.swift b/packages/swift-platform-sdk/Sources/BLTelemetryClient.swift
index c27b242d..efa3da46 100644
--- a/packages/swift-platform-sdk/Sources/BLTelemetryClient.swift
+++ b/packages/swift-platform-sdk/Sources/BLTelemetryClient.swift
@@ -209,6 +209,6 @@ public final class BLTelemetryClient {
         ]
 
         guard let jsonData = try? JSONSerialization.data(withJSONObject: body) else { return }
-        client.fireAndForget(path: "/telemetry/events", body: jsonData)
+        client.fireAndForget(path: "/api/telemetry/events", body: jsonData)
     }
 }