diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index 4ff00b9..5b31e1e 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -66,6 +66,34 @@ jobs:
       - dashboard-checks
     if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
     steps:
+      - name: Validate Coolify API access
+        env:
+          COOLIFY_BASE_URL: ${{ secrets.COOLIFY_BASE_URL }}
+          COOLIFY_API_TOKEN: ${{ secrets.COOLIFY_API_TOKEN }}
+        run: |
+          if [ -z "$COOLIFY_BASE_URL" ]; then
+            echo "Missing COOLIFY_BASE_URL"
+            exit 1
+          fi
+
+          if [ -z "$COOLIFY_API_TOKEN" ]; then
+            echo "Missing COOLIFY_API_TOKEN"
+            exit 1
+          fi
+
+          BASE_URL="${COOLIFY_BASE_URL%/}"
+          STATUS=$(curl --silent --output /tmp/coolify_api_probe.txt --write-out "%{http_code}" \
+            "$BASE_URL/api/v1/deploy" \
+            -H "Authorization: Bearer $COOLIFY_API_TOKEN")
+
+          if [ "$STATUS" -eq 401 ] || [ "$STATUS" -eq 403 ]; then
+            echo "Coolify API token rejected during preflight (HTTP $STATUS)."
+            echo "Check token scope and team/project access for this token."
+            exit 1
+          fi
+
+          echo "Coolify API preflight HTTP $STATUS"
+
       - name: Trigger backend deploy
         env:
           COOLIFY_BASE_URL: ${{ secrets.COOLIFY_BASE_URL }}
@@ -88,12 +116,46 @@ jobs:
           fi
 
           BASE_URL="${COOLIFY_BASE_URL%/}"
-          curl --fail --show-error --silent -G \
+
+          STATUS=$(curl --silent --output /tmp/coolify_backend_get.txt --write-out "%{http_code}" -G \
             "$BASE_URL/api/v1/deploy" \
             -H "Authorization: Bearer $COOLIFY_API_TOKEN" \
-            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID"
+            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID")
 
-          echo "Backend deploy triggered"
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Backend deploy triggered via GET + Bearer"
+            exit 0
+          fi
+
+          STATUS=$(curl --silent --output /tmp/coolify_backend_post_bearer.txt --write-out "%{http_code}" \
+            -X POST "$BASE_URL/api/v1/deploy" \
+            -H "Authorization: Bearer $COOLIFY_API_TOKEN" \
+            -H "Content-Type: application/json" \
+            -d "{\"uuid\":\"$COOLIFY_RESOURCE_UUID\"}")
+
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Backend deploy triggered via POST + Bearer"
+            exit 0
+          fi
+
+          STATUS=$(curl --silent --output /tmp/coolify_backend_get_token.txt --write-out "%{http_code}" -G \
+            "$BASE_URL/api/v1/deploy" \
+            -H "Authorization: $COOLIFY_API_TOKEN" \
+            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID")
+
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Backend deploy triggered via GET + Authorization: Token"
+            exit 0
+          fi
+
+          echo "Backend deploy failed across all auth/method variants."
+          echo "GET+Bearer response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_get.txt | head -c 500; echo
+          echo "POST+Bearer response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_post_bearer.txt | head -c 500; echo
+          echo "GET+Token response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_get_token.txt | head -c 500; echo
+          exit 1
 
       - name: Trigger dashboard deploy
         env:
@@ -117,9 +179,43 @@ jobs:
           fi
 
           BASE_URL="${COOLIFY_BASE_URL%/}"
-          curl --fail --show-error --silent -G \
+
+          STATUS=$(curl --silent --output /tmp/coolify_dashboard_get.txt --write-out "%{http_code}" -G \
             "$BASE_URL/api/v1/deploy" \
             -H "Authorization: Bearer $COOLIFY_API_TOKEN" \
-            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID"
+            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID")
 
-          echo "Dashboard deploy triggered"
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Dashboard deploy triggered via GET + Bearer"
+            exit 0
+          fi
+
+          STATUS=$(curl --silent --output /tmp/coolify_dashboard_post_bearer.txt --write-out "%{http_code}" \
+            -X POST "$BASE_URL/api/v1/deploy" \
+            -H "Authorization: Bearer $COOLIFY_API_TOKEN" \
+            -H "Content-Type: application/json" \
+            -d "{\"uuid\":\"$COOLIFY_RESOURCE_UUID\"}")
+
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Dashboard deploy triggered via POST + Bearer"
+            exit 0
+          fi
+
+          STATUS=$(curl --silent --output /tmp/coolify_dashboard_get_token.txt --write-out "%{http_code}" -G \
+            "$BASE_URL/api/v1/deploy" \
+            -H "Authorization: $COOLIFY_API_TOKEN" \
+            --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID")
+
+          if [ "$STATUS" -eq 200 ]; then
+            echo "Dashboard deploy triggered via GET + Authorization: Token"
+            exit 0
+          fi
+
+          echo "Dashboard deploy failed across all auth/method variants."
+          echo "GET+Bearer response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_get.txt | head -c 500; echo
+          echo "POST+Bearer response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_post_bearer.txt | head -c 500; echo
+          echo "GET+Token response:"
+          sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_get_token.txt | head -c 500; echo
+          exit 1