diff --git a/lib/Controller/APIController.php b/lib/Controller/APIController.php
index 874c66c0..41abb468 100644
--- a/lib/Controller/APIController.php
+++ b/lib/Controller/APIController.php
@@ -54,7 +54,7 @@ public function get(): DataResponse {
 
 			$site['redirect'] = (int)$site['redirect'];
 
-			unset($site['lang'], $site['device'], $site['groups']);
+			unset($site['lang'], $site['device'], $site['groups'], $site['jwt']);
 			$sites[] = $site;
 		}
 
diff --git a/lib/Controller/SiteController.php b/lib/Controller/SiteController.php
index 58e2a0d5..1c9c5a88 100644
--- a/lib/Controller/SiteController.php
+++ b/lib/Controller/SiteController.php
@@ -97,9 +97,17 @@ protected function createResponse(int $id, array $site, string $path = ''): Temp
 				$url .= ':' . $parts['port'];
 			}
 			$url .= rtrim($parts['path'] ?? '', '/') . '/' . $path;
-			if (isset($parts['query'])) {
-				$url .= '?' . $parts['query'];
+
+			// Ensure the JWT is attached as a query parameter for deep links
+			$query = $parts['query'] ?? '';
+			if (isset($site['jwt']) && !preg_match('/(^|&)jwt=/', $query)) {
+				$jwtParam = 'jwt=' . rawurlencode($site['jwt']);
+				$query = $query !== '' ? $query . '&' . $jwtParam : $jwtParam;
+			}
+			if ($query !== '') {
+				$url .= '?' . $query;
 			}
+
 			if (isset($parts['fragment'])) {
 				$url .= '#' . $parts['fragment'];
 			}
diff --git a/lib/SitesManager.php b/lib/SitesManager.php
index a7f7c42e..8186e635 100644
--- a/lib/SitesManager.php
+++ b/lib/SitesManager.php
@@ -106,6 +106,10 @@ public function getSitesToDisplay(): array {
 				continue;
 			}
 
+			if (str_contains($site['url'], '{jwt}') && $jwt !== '') {
+				$site['jwt'] = $jwt;
+			}
+
 			$site['url'] = str_replace(
 				['{email}', '{uid}', '{displayname}', '{jwt}', '{groups}', '{language}', '{locale}'],
 				array_map('rawurlencode', [$email, $uid, $displayName, $jwt, implode(',', $groups), $lang, $locale]),