diff --git a/config/services.yaml b/config/services.yaml index b9fb7d61c..19330252c 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -27,9 +27,9 @@ services: # Processors Pimcore\Bundle\StudioApiBundle\State\ResetPasswordProcessor: ~ - Pimcore\Bundle\StudioApiBundle\State\TranslationProcessor: ~ Pimcore\Bundle\StudioApiBundle\State\Token\Create\Processor: ~ Pimcore\Bundle\StudioApiBundle\State\Token\Refresh\Processor: ~ + Pimcore\Bundle\StudioApiBundle\State\TranslationProcessor: ~ # Filters Pimcore\Bundle\StudioApiBundle\Filter\AssetParentIdFilter: @@ -89,19 +89,12 @@ services: Pimcore\Bundle\StudioApiBundle\Service\TranslatorServiceInterface: class: Pimcore\Bundle\StudioApiBundle\Service\TranslatorService - #Voters - Pimcore\Bundle\StudioApiBundle\Security\Voter\PublicTokenVoter: - arguments: [ '@request_stack' ] - tags: - - { name: security.voter } - Pimcore\Bundle\StudioApiBundle\Service\TokenServiceInterface: class: Pimcore\Bundle\StudioApiBundle\Service\TokenService Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface: class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService - #Voters Pimcore\Bundle\StudioApiBundle\Security\Voter\TokenVoter: arguments: ['@request_stack'] @@ -109,9 +102,9 @@ services: - { name: security.voter } Pimcore\Bundle\StudioApiBundle\Security\Voter\PublicTokenVoter: - arguments: [ '@request_stack' ] - tags: - - { name: security.voter } + arguments: [ '@request_stack' ] + tags: + - { name: security.voter } #Decorators Pimcore\Bundle\StudioApiBundle\ApiPlatform\OpenApiFactoryDecorator: diff --git a/src/Exception/NonPublicTranslationException.php b/src/Exception/NonPublicTranslationException.php new file mode 100644 index 000000000..6acd9130c --- /dev/null +++ b/src/Exception/NonPublicTranslationException.php 
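Review bot: The re-indented `PublicTokenVoter` definition in the last hunk still passes only `'@request_stack'`, while the voter's constructor in this same commit gains a second parameter, `SecurityServiceInterface $securityService`. That only resolves if the `services` block has `_defaults: autowire: true` (it is outside the hunk, so I cannot confirm it); with autowiring off the container will fail to build because the second argument is never supplied. Naming both dependencies removes the dependence on defaults: `arguments: ['@request_stack', '@Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface']`, which works since the interface-to-class alias is defined a few lines above. Removing the earlier duplicate `PublicTokenVoter` entry is the right cleanup, as two definitions of the same key in one YAML mapping cannot both take effect.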
@@ -0,0 +1,23 @@ +all(); - if(!array_key_exists(self::ARRAY_KEYS_INDEX, $parameters)) { + if (!array_key_exists(self::ARRAY_KEYS_INDEX, $parameters)) { return false; } - foreach($parameters[self::ARRAY_KEYS_INDEX] as $key) { - // Allow only public keys - if(!in_array($key, PublicTranslations::PUBLIC_KEYS, true)) { - return false; - } + $nonPublicTranslations = array_diff($parameters[self::ARRAY_KEYS_INDEX], PublicTranslations::PUBLIC_KEYS); + + if (!empty($nonPublicTranslations)) { + throw new NonPublicTranslationException(sprintf('You have requested non public keys: %s', implode(',', $nonPublicTranslations))); } return true; diff --git a/src/Security/Voter/PublicTokenVoter.php b/src/Security/Voter/PublicTokenVoter.php index 2de4b9c05..3e121668a 100644 --- a/src/Security/Voter/PublicTokenVoter.php +++ b/src/Security/Voter/PublicTokenVoter.php @@ -15,6 +15,8 @@ use Pimcore\Bundle\StudioApiBundle\Exception\NoRequestException; use Pimcore\Bundle\StudioApiBundle\Security\Trait\PublicTranslationTrait; +use Pimcore\Bundle\StudioApiBundle\Security\Trait\RequestTrait; +use Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\RequestStack; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -22,6 +24,7 @@ final class PublicTokenVoter extends Voter { + use RequestTrait; use PublicTranslationTrait; private const SUPPORTED_ATTRIBUTE = 'PUBLIC_API_PLATFORM'; @@ -30,6 +33,7 @@ final class PublicTokenVoter extends Voter public function __construct( private readonly RequestStack $requestStack, + private readonly SecurityServiceInterface $securityService ) { } 
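Review bot: The import hunk keeps `use Pimcore\Bundle\StudioApiBundle\Exception\NoRequestException;` although the only visible user of that class in this file, the private `getCurrentRequest()`, is deleted further down in favour of the `RequestTrait` version. Unless another part of the voter outside these hunks still references it, the `use` line is now dead and should be dropped alongside the method. The `NonPublicTranslationException` file added by this commit is not readable in this view, so I cannot check what it extends or whether it carries an HTTP status; that is worth confirming since it is thrown from inside a voter.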
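Review bot: The new constructor parameter in the `__construct` hunk drops the trailing comma that the previous last parameter, `private readonly RequestStack $requestStack,`, carried, so the multi-line parameter list is no longer consistent with itself. Writing it as `private readonly SecurityServiceInterface $securityService,` keeps the list uniform and means the next injected service is a one-line diff. This is style only; the code compiles either way.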
@@ -41,20 +45,15 @@ protected function supports(string $attribute, mixed $subject): bool
 protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
 {
- $request = $this->getCurrentRequest();
+ $request = $this->getCurrentRequest($this->requestStack);
- // TODO Add security service once merged with PR#5
- return $this->voteOnRequest($request, $subject);
- }
+ $authToken = $this->getAuthToken($request);
- private function getCurrentRequest(): Request
- {
- $request = $this->requestStack->getCurrentRequest();
- if(!$request) {
- throw new NoRequestException('No request found');
+ if ($this->securityService->checkAuthToken($authToken)) {
+ return true;
 }
- return $request;
+ return $this->voteOnRequest($request, $subject);
 }
 private function voteOnRequest(Request $request, string $subject): bool
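Review bot: The added `if ($this->securityService->checkAuthToken($authToken)) { return true; }` grants `PUBLIC_API_PLATFORM` for any subject once a token validates, so the public-key restriction in `voteOnRequest` now applies only to callers without a valid token; that looks intended, but it makes the voter's outcome depend entirely on what `checkAuthToken` rejects (expired, revoked, wrong-audience tokens), which is not visible here and should be covered by tests for this voter. Conversely, if `getAuthToken()` from `RequestTrait` throws when no credential is present instead of returning null, anonymous requests for public translations — the reason this voter exists — never reach `voteOnRequest`; if it returns null, confirm `checkAuthToken` accepts null, or guard the call with `if ($authToken !== null && $this->securityService->checkAuthToken($authToken)) {`. Also, if the voter's private `voteOnRequest` (whose body lies outside this hunk) delegates to the trait method changed earlier in this diff, it can now throw `NonPublicTranslationException` out of the voter instead of returning false; Symfony's access decision manager does not catch voter exceptions, so unless that exception is mapped to an HTTP response elsewhere, a request naming a non-public key ends in a 500 whose message echoes the client-supplied key names.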