diff --git a/src/stocktool/web/app.py b/src/stocktool/web/app.py
index 0be09dd..f2f7468 100644
--- a/src/stocktool/web/app.py
+++ b/src/stocktool/web/app.py
@@ -399,6 +399,31 @@ def get_pending():
     })
 
 
+@app.route('/api/proxy/image')
+def proxy_image():
+    """Proxy image requests with authentication."""
+    image_url = request.args.get('url')
+
+    if not image_url:
+        return jsonify({'error': 'url parameter required'}), 400
+
+    # If it's a relative URL, make it absolute
+    if image_url.startswith('/'):
+        image_url = config['host'] + image_url
+
+    try:
+        # Fetch image with authentication
+        response = requests.get(image_url, headers={'Authorization': f"Token {config['token']}"})
+        response.raise_for_status()
+
+        # Return image with correct content type
+        content_type = response.headers.get('Content-Type', 'image/jpeg')
+        return response.content, 200, {'Content-Type': content_type}
+
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+
 # WebSocket events
 @socketio.on('connect')
 def handle_connect():
diff --git a/src/stocktool/web/static/js/app.js b/src/stocktool/web/static/js/app.js
index 692337b..6617c7b 100644
--- a/src/stocktool/web/static/js/app.js
+++ b/src/stocktool/web/static/js/app.js
@@ -346,12 +346,12 @@ function stockApp() {
                     this.currentPart = data.part_info;
                     this.currentParameters = data.parameters;
 
-                    // Fix image URLs - convert relative paths to full InvenTree URLs
-                    if (this.currentPart.image && this.currentPart.image.startsWith('/')) {
-                        this.currentPart.image = this.config.host + this.currentPart.image;
+                    // Fix image URLs - use proxy for authenticated access
+                    if (this.currentPart.image) {
+                        this.currentPart.image = `/api/proxy/image?url=${encodeURIComponent(this.currentPart.image)}`;
                     }
-                    if (this.currentPart.thumbnail && this.currentPart.thumbnail.startsWith('/')) {
-                        this.currentPart.thumbnail = this.config.host + this.currentPart.thumbnail;
+                    if (this.currentPart.thumbnail) {
+                        this.currentPart.thumbnail = `/api/proxy/image?url=${encodeURIComponent(this.currentPart.thumbnail)}`;
                     }
 
                     this.log('success', `✅ Found part: ${partCode}`);