diff --git a/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java b/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
index 34e0e41f92..cbbf8b0751 100644
--- a/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
+++ b/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
@@ -2,10 +2,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 
 /**
@@ -15,4 +12,8 @@ public interface StatService {
     @GET
     @Produces({MediaType.APPLICATION_JSON})
     JsonNode stat(@HeaderParam("Authorization") String authorization, @QueryParam("month") String month);
+
+    @POST
+    @Produces({MediaType.APPLICATION_JSON})
+    JsonNode stat(@HeaderParam("Authorization") String authorization, @FormParam("month") String month, @FormParam("client_id") String clientId, @FormParam("client_secret") String clientSecret);
 }
diff --git a/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java b/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
index 04929b5cf9..74e1c36b87 100644
--- a/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
+++ b/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import org.gluu.oxauth.BaseTest;
+import org.gluu.oxauth.client.BaseRequest;
 import org.gluu.oxauth.client.service.ClientFactory;
 import org.gluu.oxauth.client.service.StatService;
 import org.gluu.oxauth.client.uma.wrapper.UmaClient;
@@ -23,6 +24,22 @@ public void stat(final String umaPatClientId, final String umaPatClientSecret) t
 
         final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
         final JsonNode node = service.stat("Bearer " + authorization.getAccessToken(), "202101");
-        assertTrue(node != null && node.isArray());
+        assertTrue(node != null && node.hasNonNull("response"));
+    }
+
+    @Test
+    @Parameters({"umaPatClientId", "umaPatClientSecret"})
+    public void statBasic(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
+        final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
+        final JsonNode node = service.stat("Basic " + BaseRequest.getEncodedCredentials(umaPatClientId, umaPatClientSecret), "202101");
+        assertTrue(node != null && node.hasNonNull("response"));
+    }
+
+    @Test
+    @Parameters({"umaPatClientId", "umaPatClientSecret"})
+    public void statPost(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
+        final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
+        final JsonNode node = service.stat(null, "202101", umaPatClientId, umaPatClientSecret);
+        assertTrue(node != null && node.hasNonNull("response"));
     }
 }
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
index eeee456343..b3f2304c80 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
@@ -323,6 +323,7 @@ private void processBasicAuth(HttpServletRequest servletRequest, HttpServletResp
                                 || servletRequest.getRequestURI().endsWith("/revoke_session")
                                 || servletRequest.getRequestURI().endsWith("/userinfo")
                                 || servletRequest.getRequestURI().endsWith("/bc-authorize")
+                                || servletRequest.getRequestURI().endsWith("/stat")
                                 || servletRequest.getRequestURI().endsWith("/device_authorization")) {
                             Client client = clientService.getClient(username);
                             if (client == null
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
index 3b238c379f..0d4a3f003f 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
@@ -194,6 +194,7 @@ public String authenticateImpl(HttpServletRequest servletRequest, boolean intera
 							|| servletRequest.getRequestURI().endsWith("/revoke")
 							|| servletRequest.getRequestURI().endsWith("/revoke_session")
 							|| servletRequest.getRequestURI().endsWith("/userinfo")
+							|| servletRequest.getRequestURI().endsWith("/stat")
 							|| servletRequest.getRequestURI().endsWith("/bc-authorize")
 							|| servletRequest.getRequestURI().endsWith("/device_authorization")))) {
 				boolean authenticated = clientAuthentication(credentials, interactive, skipPassword);