diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index c1375b2031..b59a01dfef 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -257,10 +257,8 @@ public class Startup
 
         // Add authentication and authorization to the request pipeline.
         app.UseAuthentication();
-
-        // Add current context - before authz. Is this OK?
+        // Note: ICurrentContext is used in authorization middleware so it must be registered first
         app.UseMiddleware<CurrentContextMiddleware>();
-
         app.UseAuthorization();
 
         // Add endpoints to the request pipeline.