diff --git a/server/middlewares/integration/verifyApiKeyRoleAccess.ts b/server/middlewares/integration/verifyApiKeyRoleAccess.ts
index ffe223a6..62bfb946 100644
--- a/server/middlewares/integration/verifyApiKeyRoleAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyRoleAccess.ts
@@ -23,9 +23,14 @@ export async function verifyApiKeyRoleAccess(
     );
   }
 
-  const { roleIds } = req.body;
-  const allRoleIds =
-    roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
+  let allRoleIds: number[] = [];
+  if (!isNaN(singleRoleId)) {
+    // If roleId is provided in URL params, query params, or body (single), use it exclusively
+    allRoleIds = [singleRoleId];
+  } else if (req.body?.roleIds) {
+    // Only use body.roleIds if no single roleId was provided
+    allRoleIds = req.body.roleIds;
+  }
 
   if (allRoleIds.length === 0) {
     return next();
diff --git a/server/middlewares/verifyRoleAccess.ts b/server/middlewares/verifyRoleAccess.ts
index 91adf07c..8858ab53 100644
--- a/server/middlewares/verifyRoleAccess.ts
+++ b/server/middlewares/verifyRoleAccess.ts
@@ -23,8 +23,14 @@ export async function verifyRoleAccess(
     );
   }
 
-  const roleIds = req.body?.roleIds;
-  const allRoleIds = roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
+  let allRoleIds: number[] = [];
+  if (!isNaN(singleRoleId)) {
+    // If roleId is provided in URL params, query params, or body (single), use it exclusively
+    allRoleIds = [singleRoleId];
+  } else if (req.body?.roleIds) {
+    // Only use body.roleIds if no single roleId was provided
+    allRoleIds = req.body.roleIds;
+  }
 
   if (allRoleIds.length === 0) {
     return next();
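Review bot: The new `else if (req.body?.roleIds)` branch, in both verifyApiKeyRoleAccess.ts and verifyRoleAccess.ts, copies `req.body.roleIds` into `allRoleIds` on a truthiness check alone, so a string, an object or an array of non-numeric values is accepted as a `number[]`; the annotation gives no runtime protection since the request body is presumably untyped (worth confirming against the `req` type). The `allRoleIds.length === 0` check that follows then measures a string's length or reads `undefined` from an object, and whatever role lookup comes after the hunk runs on unvalidated ids. I would guard the branch with `} else if (req.body?.roleIds !== undefined) {` followed by `if (!Array.isArray(req.body.roleIds) || !req.body.roleIds.every(Number.isInteger)) { /* reject as malformed via the same error path used above */ }` before `allRoleIds = req.body.roleIds;`, rather than falling through to `next()` with an empty list, which would let a malformed body reach the handler unchecked. Separately, when both a single roleId and `body.roleIds` are present the body ids are now silently ignored by this middleware; if any downstream handler still reads `req.body.roleIds`, those ids are never authorization-checked here, so consider rejecting requests that supply both. The enclosing function starts and ends outside the hunk in both files.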