diff --git a/server/cmd/museum/main.go b/server/cmd/museum/main.go
index b017671e63..430e2c2c9d 100644
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@@ -600,6 +600,7 @@ func main() {
 	fileLinkApi.GET("/info", fileHandler.LinkInfo)
 	fileLinkApi.GET("/thumbnail", fileHandler.LinkThumbnail)
 	fileLinkApi.GET("/file", fileHandler.LinkFile)
+	fileLinkApi.POST("/verify-password", fileHandler.VerifyPassword)
 
 	publicCollectionAPI.GET("/files/preview/:fileID", publicCollectionHandler.GetThumbnail)
 	publicCollectionAPI.GET("/files/download/:fileID", publicCollectionHandler.GetFile)
diff --git a/server/pkg/api/file_url.go b/server/pkg/api/file_url.go
index 2c2ea87af7..f25e5750b5 100644
--- a/server/pkg/api/file_url.go
+++ b/server/pkg/api/file_url.go
@@ -88,6 +88,21 @@ func (h *FileHandler) GetUrls(c *gin.Context) {
 	})
 }
 
+// VerifyPassword verifies the password for given public access token and return signed jwt token if it's valid
+func (h *FileHandler) VerifyPassword(c *gin.Context) {
+	var req ente.VerifyPasswordRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		handler.Error(c, stacktrace.Propagate(err, ""))
+		return
+	}
+	resp, err := h.FileUrlCtrl.VerifyPassword(c, req)
+	if err != nil {
+		handler.Error(c, stacktrace.Propagate(err, ""))
+		return
+	}
+	c.JSON(http.StatusOK, resp)
+}
+
 // UpdateFileURL updates the share URL for a file
 func (h *FileHandler) UpdateFileURL(c *gin.Context) {
 	var req ente.UpdateFileUrl