diff --git a/packages/cli/config/index.ts b/packages/cli/config/index.ts
index 5d66a1b3bb..f6d82afaf0 100644
--- a/packages/cli/config/index.ts
+++ b/packages/cli/config/index.ts
@@ -300,6 +300,12 @@ const config = convict({
 	},
 
 	security: {
+		excludeEndpoints: {
+			doc: 'Additional endpoints to exclude auth checks. Multiple endpoints can be separated by colon (":")',
+			format: String,
+			default: '',
+			env: 'N8N_AUTH_EXCLUDE_ENDPOINTS'
+		},
 		basicAuth: {
 			active: {
 				format: 'Boolean',
diff --git a/packages/cli/src/Server.ts b/packages/cli/src/Server.ts
index eb1c56d7da..711a15d610 100644
--- a/packages/cli/src/Server.ts
+++ b/packages/cli/src/Server.ts
@@ -172,8 +172,13 @@ class App {
 	async config(): Promise<void> {
 
 		this.versions = await GenericHelpers.getVersions();
-		const ignoredEndpoints = _(['healthz', this.endpointWebhook, this.endpointWebhookTest, this.endpointPresetCredentials]).compact().join('|');
-		const authIgnoreRegex = new RegExp(`^\/(${ignoredEndpoints})\/?.*$`);
+
+		const excludeEndpoints = config.get('security.excludeEndpoints') as string;
+
+		const ignoredEndpoints = ['healthz', this.endpointWebhook, this.endpointWebhookTest, this.endpointPresetCredentials];
+		ignoredEndpoints.push.apply(ignoredEndpoints, excludeEndpoints.split(':'));
+
+		const authIgnoreRegex = new RegExp(`^\/(${_(ignoredEndpoints).compact().join('|')})\/?.*$`);
 
 		// Check for basic auth credentials if activated
 		const basicAuthActive = config.get('security.basicAuth.active') as boolean;