diff --git a/maubot/management/api/__init__.py b/maubot/management/api/__init__.py
index 1f0d420..5a56534 100644
--- a/maubot/management/api/__init__.py
+++ b/maubot/management/api/__init__.py
@@ -19,12 +19,20 @@ import importlib
 
 from ...config import Config
 from .base import routes, get_config, set_config, set_loop
+from .auth import check_token
 from .middleware import auth, error
 
 
 @routes.get("/features")
-def features(_: web.Request) -> web.Response:
-    return web.json_response(get_config()["api_features"])
+def features(request: web.Request) -> web.Response:
+    data = get_config()["api_features"]
+    err = check_token(request)
+    if err is None:
+        return web.json_response(data)
+    else:
+        return web.json_response({
+            "login": data["login"],
+        })
 
 
 def init(cfg: Config, loop: AbstractEventLoop) -> web.Application:
diff --git a/maubot/management/api/auth.py b/maubot/management/api/auth.py
index aab1c4e..2001b7c 100644
--- a/maubot/management/api/auth.py
+++ b/maubot/management/api/auth.py
@@ -69,4 +69,4 @@ async def ping(request: web.Request) -> web.Response:
     user = data.get("user_id", None)
     if not get_config().is_admin(user):
         return resp.invalid_token
-    return resp.pong(user)
+    return resp.pong(user, get_config()["api_features"])
diff --git a/maubot/management/api/middleware.py b/maubot/management/api/middleware.py
index 5f7a788..ecba3b8 100644
--- a/maubot/management/api/middleware.py
+++ b/maubot/management/api/middleware.py
@@ -29,7 +29,7 @@ log = logging.getLogger("maubot.server")
 @web.middleware
 async def auth(request: web.Request, handler: Handler) -> web.Response:
     subpath = request.path[len(get_config()["server.base_path"]):]
-    if subpath.startswith("/auth/") or subpath == "/logs":
+    if subpath.startswith("/auth/") or subpath == "/features" or subpath == "/logs":
         return await handler(request)
     err = check_token(request)
     if err is not None:
diff --git a/maubot/management/api/responses.py b/maubot/management/api/responses.py
index 31fc864..f823d6f 100644
--- a/maubot/management/api/responses.py
+++ b/maubot/management/api/responses.py
@@ -294,9 +294,10 @@ class _Response:
             "token": token,
         })
 
-    def pong(self, user: str) -> web.Response:
+    def pong(self, user: str, features: dict) -> web.Response:
         return self.found({
             "username": user,
+            "features": features,
         })
 
     @staticmethod
diff --git a/maubot/management/frontend/src/api.js b/maubot/management/frontend/src/api.js
index 33cd551..35a63b6 100644
--- a/maubot/management/frontend/src/api.js
+++ b/maubot/management/frontend/src/api.js
@@ -64,15 +64,13 @@ export async function login(username, password) {
 let features = null
 
 export async function ping() {
-    if (!features) {
-        await remoteGetFeatures()
-    }
     const response = await fetch(`${BASE_PATH}/auth/ping`, {
         method: "POST",
         headers: getHeaders(),
     })
     const json = await response.json()
     if (json.username) {
+        features = json.features
         return json.username
     } else if (json.errcode === "auth_token_missing" || json.errcode === "auth_token_invalid") {
         return null