diff --git a/auth.go b/auth.go
index 35fc064..9476a33 100644
--- a/auth.go
+++ b/auth.go
@@ -7,6 +7,8 @@ import (
 	"github.com/labstack/echo"
 )
 
+var skipPaths []string = []string{"/metrics"}
+
 var configuredToken string
 
 func init() {
@@ -17,14 +19,22 @@ func init() {
 // TokenMiddleware handles authentication
 func TokenMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
+		// Skip selected paths
+		var skip bool
+		for _, path := range skipPaths {
+			if path == c.Request().URL.Path {
+				skip = true
+			}
+		}
+
 		tokenHeader := c.Request().Header.Get("Authorization")
 		token := strings.Replace(tokenHeader, "Token ", "", -1)
 
-		if token == "" {
+		if token == "" && !skip {
 			token = c.QueryParam("token")
 		}
 
-		if token != configuredToken || configuredToken == "" {
+		if (token != configuredToken || configuredToken == "") && !skip {
 			return c.JSONPretty(403, map[string]string{"message": "access denied"}, " ")
 		}