diff --git a/app/controllers/access_tokens_controller.rb b/app/controllers/access_tokens_controller.rb index c5c69c49..75964ce3 100644 --- a/app/controllers/access_tokens_controller.rb +++ b/app/controllers/access_tokens_controller.rb @@ -1,15 +1,20 @@ class AccessTokensController < ApplicationController - # Skip authentication for this method skip_before_action :authenticate_user!, only: [:public_by_email] + skip_authorization_check only: [:public_by_email] # <-- Add this def public_by_email - user = User.find_by!(email: params[:email]) + user = User.find_by(email: params[:email]) + return render json: { error: "User not found" }, status: :not_found unless user + access_token = user.access_token + return render json: { error: "Access token not found" }, status: :not_found unless access_token render json: { user_id: user.id, email: user.email, token: access_token.token } + rescue => e + render json: { error: "Internal server error", message: e.message }, status: :internal_server_error end end
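Review bot: With `skip_authorization_check only: [:public_by_email]` added next to the existing `skip_before_action :authenticate_user!`, `public_by_email` runs with neither authentication nor an authorization check, yet still renders `access_token.token` to any caller who supplies an email address. The action should require some proof of the caller before the token is returned, using whichever authenticated session or server-to-server credential the application already has. The two distinct 404 bodies, "User not found" and "Access token not found", also let an unauthenticated caller tell registered addresses from unregistered ones, so a single generic not-found response would be safer. In the new `rescue => e` branch, `message: e.message` sends internal exception text to the client; log it server-side instead, e.g. `Rails.logger.error(e.full_message)` followed by `render json: { error: "Internal server error" }, status: :internal_server_error`. The trailing `# <-- Add this` comment looks like a leftover instruction and can be dropped.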