diff --git a/internal/api/middleware/authn/authn.go b/internal/api/middleware/authn/authn.go
index ad645d88b..d3c7eae20 100644
--- a/internal/api/middleware/authn/authn.go
+++ b/internal/api/middleware/authn/authn.go
@@ -19,25 +19,25 @@ import (
 // Attempt returns an http.HandlerFunc middleware that authenticates
 // the http.Request if authentication payload is available.
 func Attempt(authenticator authn.Authenticator) func(http.Handler) http.Handler {
- return performAuthentication(authenticator, false)
+ return performAuthentication(authenticator, false, authn.AuthGitCaller)
 }
 
 // Required returns an http.HandlerFunc middleware that authenticates
 // the http.Request and fails the request if no auth data was available.
 func Required(authenticator authn.Authenticator) func(http.Handler) http.Handler {
- return performAuthentication(authenticator, true)
+ return performAuthentication(authenticator, true, authn.AuthAPICaller)
 }
 
 // performAuthentication returns an http.HandlerFunc middleware that authenticates
 // the http.Request if authentication payload is available.
 // Depending on whether it is required or not, the request will be failed.
-func performAuthentication(authenticator authn.Authenticator, required bool) func(http.Handler) http.Handler {
+func performAuthentication(authenticator authn.Authenticator, required bool, caller authn.APICaller) func(http.Handler) http.Handler {
  return func(next http.Handler) http.Handler {
   return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    ctx := r.Context()
    log := hlog.FromRequest(r)
 
-   session, err := authenticator.Authenticate(r)
+   session, err := authenticator.Authenticate(r, caller)
 
    if errors.Is(err, authn.ErrNoAuthData) {
     if required {
diff --git a/internal/auth/authn/authenticator.go b/internal/auth/authn/authenticator.go
index fd157da1f..a63e4c13d 100644
--- a/internal/auth/authn/authenticator.go
+++ b/internal/auth/authn/authenticator.go
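Review bot: The caller classification is now tied to whether authentication is required, because Attempt hard-codes `authn.AuthGitCaller` and Required hard-codes `authn.AuthAPICaller`; any API route that only attempts authentication will be checked under git's accepted-method rules, and any git route that requires it under the API's. The two concerns should be separate inputs: keep `performAuthentication(authenticator, required, caller)` but let the exported constructors take the caller (e.g. `Attempt(authenticator, authn.AuthAPICaller)`) or add git-specific variants, so the accepted-method policy does not silently change when a route switches between Attempt and Required. The doc comments of Attempt and Required should also state which caller kind they pass, e.g. `// Attempt ... The request is authenticated as an authn.AuthGitCaller.` How the new `authn.ErrNotAcceptedAuthMethod` is handled is not visible here, since performAuthentication continues outside the hunk; check that it fails the request in both required and attempt modes rather than falling through to the anonymous path.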
@@ -14,6 +14,16 @@ import (
 var (
  // ErrNoAuthData that is returned if the authorizer doesn't find any data in the request that can be used for auth.
  ErrNoAuthData = errors.New("the request doesn't contain any auth data that can be used by the Authorizer")
+ // ErrNotAcceptedAuthData that is returned if the request is using an auth data that is not accepted by the authorizer.
+ // e.g, don't accept jwt (without allowedURI field) for git clone/pull request.
+ ErrNotAcceptedAuthMethod = errors.New("the request contains auth method that is not accepted by the Authorizer")
+)
+
+type APICaller string
+
+const (
+ AuthAPICaller APICaller = "api"
+ AuthGitCaller APICaller = "git"
 )
 
 // Authenticator is an abstraction of an entity that's responsible for authenticating principals
@@ -26,5 +36,5 @@ type Authenticator interface {
  * (nil, ErrNoAuthData) - request doesn't contain any auth data
  * (nil, err) - request contains auth data but verification failed
  */
- Authenticate(r *http.Request) (*auth.Session, error)
+ Authenticate(r *http.Request, caller APICaller) (*auth.Session, error)
 }
diff --git a/internal/auth/authn/token.go b/internal/auth/authn/token.go
index 75d9e87f1..b2dc748f3 100644
--- a/internal/auth/authn/token.go
+++ b/internal/auth/authn/token.go
@@ -38,7 +38,7 @@ func NewTokenAuthenticator(
  }
 }
 
-func (a *TokenAuthenticator) Authenticate(r *http.Request) (*auth.Session, error) {
+func (a *TokenAuthenticator) Authenticate(r *http.Request, caller APICaller) (*auth.Session, error) {
  ctx := r.Context()
  str := extractToken(r)
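Review bot: The doc comment on the new sentinel names `ErrNotAcceptedAuthData` while the variable is `ErrNotAcceptedAuthMethod`, so godoc and linters will not associate them; it should read `// ErrNotAcceptedAuthMethod is returned if the request uses an auth method that the authorizer does not accept for the calling client kind,` followed by `// e.g. a JWT without an allowedURI field is not accepted for git clone/pull requests.` The exported `APICaller` type and the `AuthAPICaller`/`AuthGitCaller` constants are undocumented; a one-liner such as `// APICaller identifies the kind of client a request comes from; authenticators use it to decide which auth methods to accept.` would help. Because APICaller is a plain string, implementations can also receive the zero value or an unknown value; that comment should state that unknown callers are to be treated as the most restrictive case and rejected with ErrNotAcceptedAuthMethod, although the implementations themselves are not visible in this diff.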
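Review bot: The Authenticate doc block still lists only the `(nil, ErrNoAuthData)` and `(nil, err)` outcomes and says nothing about the new `caller` parameter or the new sentinel; add `* (nil, ErrNotAcceptedAuthMethod) - request contains auth data, but the method is not accepted for the given caller` to that list and a sentence explaining that `caller` selects which auth methods an implementation accepts. The Authenticator interface block starts outside this hunk.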