diff --git a/scripts/validate_architecture.py b/scripts/validate_architecture.py
index cb4cdf42..3cc7c8bf 100755
--- a/scripts/validate_architecture.py
+++ b/scripts/validate_architecture.py
@@ -2612,9 +2612,12 @@ class ArchitectureValidator:
         if "noqa: auth-004" in content.lower():
             return
 
-        # Shop APIs that need vendor context should use require_vendor_context or # public
+        # Shop APIs that need vendor context should use require_vendor_context,
+        # # public, or # authenticated (customer auth includes vendor context)
         has_vendor_context = (
-            "require_vendor_context" in content or "# public" in content
+            "require_vendor_context" in content
+            or "# public" in content
+            or "# authenticated" in content
         )
 
         # Check for routes that might need vendor context
@@ -2623,10 +2626,11 @@ class ArchitectureValidator:
             lines = content.split("\n")
             for i, line in enumerate(lines, 1):
                 if "@router." in line:
-                    # Check next few lines for public marker or vendor context
+                    # Check next few lines for public/authenticated marker or vendor context
                     context_lines = "\n".join(lines[i - 1 : i + 10])
                     if (
                         "# public" not in context_lines
+                        and "# authenticated" not in context_lines
                         and "require_vendor_context" not in context_lines
                     ):
                         self._add_violation(