diff --git a/services/proxy/pkg/middleware/public_share_auth.go b/services/proxy/pkg/middleware/public_share_auth.go
index 8f82bf7203..bb53ecfa24 100644
--- a/services/proxy/pkg/middleware/public_share_auth.go
+++ b/services/proxy/pkg/middleware/public_share_auth.go
@@ -25,9 +25,22 @@ type PublicShareAuthenticator struct {
 RevaGatewayClient gateway.GatewayAPIClient
 }
 
+// The archiver is able to create archives from public shares in which case it needs to use the
+// PublicShareAuthenticator. It might however also be called using "normal" authentication or
+// using signed url, which are handled by other middleware. For this reason we can't just
+// handle `/archiver` with the `isPublicPath()` check.
+func isPublicShareArchive(r *http.Request) bool {
+ if strings.HasPrefix(r.URL.Path, "/archiver") {
+ if r.URL.Query().Get(headerShareToken) != "" || r.Header.Get(headerShareToken) != "" {
+ return true
+ }
+ }
+ return false
+}
+
 // Authenticate implements the authenticator interface to authenticate requests via public share auth.
 func (a PublicShareAuthenticator) Authenticate(r *http.Request) (*http.Request, bool) {
- if !isPublicPath(r.URL.Path) {
+ if !isPublicPath(r.URL.Path) && !isPublicShareArchive(r) {
 return nil, false
 }
 
diff --git a/services/proxy/pkg/middleware/public_share_auth_test.go b/services/proxy/pkg/middleware/public_share_auth_test.go
index 98637988bd..4df9a47ca9 100644
--- a/services/proxy/pkg/middleware/public_share_auth_test.go
+++ b/services/proxy/pkg/middleware/public_share_auth_test.go
@@ -28,6 +28,10 @@ var _ = Describe("Authenticating requests", Label("PublicShareAuthenticator"), f
 return "exampletoken", rpcv1beta1.Code_CODE_OK
 }
 
+ if clientID == "sharetoken" && clientSecret == "password|" {
+ return "otherexampletoken", rpcv1beta1.Code_CODE_OK
+ }
+
 return "", rpcv1beta1.Code_CODE_NOT_FOUND
 },
 },
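Review bot: In the first hunk (public_share_auth.go), `strings.HasPrefix(r.URL.Path, "/archiver")` in isPublicShareArchive is not bounded to a path segment, so any other route whose path merely starts with `/archiver` is also handed to public-share authentication as soon as the request carries a `public-token`. Matching on the segment boundary keeps the scope to the archiver endpoint: `if p := r.URL.Path; p == "/archiver" || strings.HasPrefix(p, "/archiver/") {`. The doc comment could also state what is expected when a request carries both a share token and regular credentials, since which authenticator handles it depends on middleware ordering that is not visible in this hunk. Authenticate's body continues outside the hunk.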
@@ -62,6 +66,29 @@ var _ = Describe("Authenticating requests", Label("PublicShareAuthenticator"), f
 })
 })
 })
+ When("the reguest is for the archiver", func() {
+ Context("using a public-token", func() {
+ It("should successfully authenticate", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/archiver?public-token=sharetoken", http.NoBody)
+ req2, valid := authenticator.Authenticate(req)
+
+ Expect(valid).To(Equal(true))
+ Expect(req2).ToNot(BeNil())
+
+ h := req2.Header
+ Expect(h.Get(_headerRevaAccessToken)).To(Equal("otherexampletoken"))
+ })
+ })
+ Context("not using a public-token", func() {
+ It("should fail to authenticate", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/archiver", http.NoBody)
+ req2, valid := authenticator.Authenticate(req)
+
+ Expect(valid).To(Equal(false))
+ Expect(req2).To(BeNil())
+ })
+ })
+ })
 })
 
 type mockGatewayClient struct {
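Review bot: The new archiver cases exercise only the `public-token` query parameter, while isPublicShareArchive also accepts the token from the request header, so that branch is untested. A case that calls `req.Header.Set(headerShareToken, "sharetoken")` on a plain `/archiver` request would pin it. Negative cases for an unknown token on `/archiver` and for a path that only shares the `/archiver` prefix would guard the authentication boundary against regressions. The description string `"the reguest is for the archiver"` has a typo and should read `"the request is for the archiver"`. The enclosing Describe block starts and ends outside the hunk.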