diff --git a/apps/api/src/auth/auth.controller.ts b/apps/api/src/auth/auth.controller.ts
index 425a541..f93f9f3 100644
--- a/apps/api/src/auth/auth.controller.ts
+++ b/apps/api/src/auth/auth.controller.ts
@@ -3,17 +3,20 @@
 /* eslint-disable import/no-extraneous-dependencies */
 import { AuthService } from './auth.service';
 import { Credentials } from './types/request';
+import type { CookieSerializeOptions } from '@fastify/cookie';
 import { Body, Controller, Get, HttpException, HttpStatus, Post, Req, Res } from '@nestjs/common';
 import { FastifyReply, FastifyRequest } from 'fastify';
 import { env } from 'src/config/env';
 
 @Controller()
 export class AuthController {
-  cookieOptions: { maxAge: number; path: string };
+  cookieOptions: CookieSerializeOptions;
   constructor(private readonly authService: AuthService) {
     this.cookieOptions = {
+      httpOnly: true,
       maxAge: env.API_TOKEN_TTL,
       path: '/',
+      secure: true,
     };
   }