diff --git a/backend-nest/src/modules/auth/auth.service.ts b/backend-nest/src/modules/auth/auth.service.ts
index 3155327..84864bb 100644
--- a/backend-nest/src/modules/auth/auth.service.ts
+++ b/backend-nest/src/modules/auth/auth.service.ts
@@ -146,7 +146,7 @@ export class AuthService {
   async refresh(refreshToken: string) {
     try {
       const payload = await this.jwtService.verifyAsync(refreshToken, {
-        secret: this.configService.get<string>('JWT_SECRET'),
+        secret: this.configService.get<string>('jwt.secret'),
       });
 
       const user = await this.userRepository.findOne({
@@ -166,8 +166,8 @@ export class AuthService {
           is_super_admin: user.is_super_admin,
         },
         {
-          secret: this.configService.get<string>('JWT_SECRET'),
-          expiresIn: this.configService.get<number>('JWT_ACCESS_EXPIRY_SECONDS', 3600),
+          secret: this.configService.get<string>('jwt.secret'),
+          expiresIn: this.configService.get<number>('jwt.accessExpirySeconds') || 900,
         },
       );
 
@@ -322,13 +322,13 @@ export class AuthService {
     };
 
     const accessToken = await this.jwtService.signAsync(payload, {
-      secret: this.configService.get<string>('JWT_SECRET'),
-      expiresIn: this.configService.get<number>('JWT_ACCESS_EXPIRY_SECONDS', 3600),
+      secret: this.configService.get<string>('jwt.secret'),
+      expiresIn: this.configService.get<number>('jwt.accessExpirySeconds') || 900,
     });
 
     const refreshToken = await this.jwtService.signAsync(payload, {
-      secret: this.configService.get<string>('JWT_SECRET'),
-      expiresIn: this.configService.get<number>('JWT_REFRESH_EXPIRY_SECONDS', 604800), // 7 days default
+      secret: this.configService.get<string>('jwt.secret'),
+      expiresIn: this.configService.get<number>('jwt.refreshExpirySeconds') || 604800,
     });
 
     return {
diff --git a/backend-nest/src/modules/auth/jwt.strategy.ts b/backend-nest/src/modules/auth/jwt.strategy.ts
index 5976f33..6ed968c 100644
--- a/backend-nest/src/modules/auth/jwt.strategy.ts
+++ b/backend-nest/src/modules/auth/jwt.strategy.ts
@@ -34,7 +34,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     super({
       jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
       ignoreExpiration: false,
-      secretOrKey: configService.get<string>('JWT_SECRET'),
+      secretOrKey: configService.get<string>('jwt.secret'),
     });
   }
 
diff --git a/frontend/src/views/admin/AnalyticsView.vue b/frontend/src/views/admin/AnalyticsView.vue
index 6ea97dc..de7bbe0 100644
--- a/frontend/src/views/admin/AnalyticsView.vue
+++ b/frontend/src/views/admin/AnalyticsView.vue
@@ -33,8 +33,8 @@ const loadAnalytics = async () => {
     const hours = rangeToHours(timeRange.value)
 
     const [summaryRes, timeseriesRes] = await Promise.all([
-      api.get<AnalyticsSummary>(`/api/analytics/summary?range=${hours}`),
-      api.get<TimeseriesData>(`/api/analytics/timeseries?range=${hours}&granularity=hourly`)
+      api.get<AnalyticsSummary>(`/analytics/summary?range=${hours}`),
+      api.get<TimeseriesData>(`/analytics/timeseries?range=${hours}&granularity=hourly`)
     ])
 
     summary.value = summaryRes