diff --git a/backend/src/controllers/room.controller.ts b/backend/src/controllers/room.controller.ts
index 019ac09..03db2d1 100644
--- a/backend/src/controllers/room.controller.ts
+++ b/backend/src/controllers/room.controller.ts
@@ -119,17 +119,32 @@ export const bulkDeleteRooms = async (req: Request, res: Response) => {
 	}
 };
 
+export const getRoomPreferences = async (req: Request, res: Response) => {
+	const logger = container.get(LoggerService);
+	const roomService = container.get(RoomService);
+	const { roomId } = req.params;
+
+	logger.verbose(`Getting room preferences for room '${roomId}'`);
+
+	try {
+		const { preferences } = await roomService.getMeetRoom(roomId);
+		return res.status(200).json(preferences);
+	} catch (error) {
+		handleError(res, error, `getting room preferences for room '${roomId}'`);
+	}
+};
+
 export const updateRoomPreferences = async (req: Request, res: Response) => {
 	const logger = container.get(LoggerService);
 	const roomService = container.get(RoomService);
-	const roomPreferences = req.body;
+	const { preferences } = req.body;
 	const { roomId } = req.params;
 
 	logger.verbose(`Updating room preferences for room '${roomId}'`);
 
 	try {
-		const room = await roomService.updateMeetRoomPreferences(roomId, roomPreferences);
-		return res.status(200).json(room);
+		await roomService.updateMeetRoomPreferences(roomId, preferences);
+		return res.status(200).json({ message: `Room preferences for room '${roomId}' updated successfully` });
 	} catch (error) {
 		handleError(res, error, `updating room preferences for room '${roomId}'`);
 	}
@@ -209,18 +224,3 @@ export const getRoomRoleAndPermissions = async (req: Request, res: Response) =>
 		handleError(res, error, `getting room role and permissions for room '${roomId}' and secret '${secret}'`);
 	}
 };
-
-export const getRoomPreferences = async (req: Request, res: Response) => {
-	const logger = container.get(LoggerService);
-	const roomService = container.get(RoomService);
-	const { roomId } = req.params;
-
-	logger.verbose(`Getting room preferences for room '${roomId}'`);
-
-	try {
-		const { preferences } = await roomService.getMeetRoom(roomId);
-		return res.status(200).json(preferences);
-	} catch (error) {
-		handleError(res, error, `getting room preferences for room '${roomId}'`);
-	}
-};
diff --git a/backend/src/middlewares/request-validators/room-validator.middleware.ts b/backend/src/middlewares/request-validators/room-validator.middleware.ts
index d0b7894..cdfceb4 100644
--- a/backend/src/middlewares/request-validators/room-validator.middleware.ts
+++ b/backend/src/middlewares/request-validators/room-validator.middleware.ts
@@ -184,6 +184,10 @@ const BulkDeleteRoomsSchema = z.object({
 	force: validForceQueryParam()
 });
 
+const UpdateRoomPreferencesSchema = z.object({
+	preferences: RoomPreferencesSchema
+});
+
 const RecordingTokenRequestSchema = z.object({
 	secret: z.string().nonempty('Secret is required')
 });
@@ -224,7 +228,7 @@ export const withValidRoomFiltersRequest = (req: Request, res: Response, next: N
 };
 
 export const withValidRoomPreferences = (req: Request, res: Response, next: NextFunction) => {
-	const { success, error, data } = RoomPreferencesSchema.safeParse(req.body);
+	const { success, error, data } = UpdateRoomPreferencesSchema.safeParse(req.body);
 
 	if (!success) {
 		return rejectUnprocessableRequest(res, error);
diff --git a/backend/src/routes/room.routes.ts b/backend/src/routes/room.routes.ts
index cfe92ea..4135e2c 100644
--- a/backend/src/routes/room.routes.ts
+++ b/backend/src/routes/room.routes.ts
@@ -5,7 +5,6 @@ import * as roomCtrl from '../controllers/room.controller.js';
 import {
 	allowAnonymous,
 	apiKeyValidator,
-	checkParticipantFromSameRoom,
 	configureRecordingTokenAuth,
 	configureRoomAuthorization,
 	participantTokenValidator,
@@ -50,32 +49,32 @@ roomRouter.get(
 	configureRoomAuthorization,
 	roomCtrl.getRoom
 );
-roomRouter.put(
-	'/:roomId',
-	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN)),
-	withValidRoomId,
-	withValidRoomPreferences,
-	roomCtrl.updateRoomPreferences
-);
 roomRouter.delete(
 	'/:roomId',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN)),
 	withValidRoomDeleteRequest,
 	roomCtrl.deleteRoom
 );
+roomRouter.get(
+	'/:roomId/preferences',
+	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), participantTokenValidator),
+	withValidRoomId,
+	configureRoomAuthorization,
+	roomCtrl.getRoomPreferences
+);
+roomRouter.put(
+	'/:roomId/preferences',
+	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN)),
+	withValidRoomId,
+	withValidRoomPreferences,
+	roomCtrl.updateRoomPreferences
+);
 
 // Internal room routes
 export const internalRoomRouter = Router();
 internalRoomRouter.use(bodyParser.urlencoded({ extended: true }));
 internalRoomRouter.use(bodyParser.json());
 
-internalRoomRouter.get(
-	'/:roomId/preferences',
-	withAuth(participantTokenValidator),
-	withValidRoomId,
-	checkParticipantFromSameRoom,
-	roomCtrl.getRoomPreferences
-);
 internalRoomRouter.post(
 	'/:roomId/recording-token',
 	configureRecordingTokenAuth,