diff --git a/src/main/java/com/opendata/docs/MyPageControllerDocs.java b/src/main/java/com/opendata/docs/MyPageControllerDocs.java
index f51b13d..7ba2f21 100644
--- a/src/main/java/com/opendata/docs/MyPageControllerDocs.java
+++ b/src/main/java/com/opendata/docs/MyPageControllerDocs.java
@@ -13,6 +13,7 @@
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestParam;
 
 import java.util.List;
@@ -105,7 +106,7 @@ ResponseEntity<com.opendata.global.response.ApiResponse<List<CourseHistoryRespon
     })
     ResponseEntity<com.opendata.global.response.ApiResponse<Void>> updateTourSpot(
             @AuthenticationPrincipal CustomUserDetails customUserDetails,
-            @RequestParam Long tourSpotId
+            @PathVariable("tourspotId") Long tourSpotId
     );
 
     @Operation(summary = "사용자 선호 관광지 조회", description = "사용자가 선호하는 관광지 조회")
@@ -194,7 +195,7 @@ ResponseEntity<com.opendata.global.response.ApiResponse<List<TourSpotDetailRespo
     })
     ResponseEntity<com.opendata.global.response.ApiResponse<Void>> deleteTourSpot(
             @AuthenticationPrincipal CustomUserDetails customUserDetails,
-            @RequestParam Long tourSpotId
+            @PathVariable("tourspotId") Long tourSpotId
     );
 
     @Operation(summary = "사용자 조회", description = "사용자 정보(이메일, 멤버쉽, 이름) 조회")
@@ -284,7 +285,7 @@ ResponseEntity<com.opendata.global.response.ApiResponse<UserResponse>> findUser(
         )
     })
     ResponseEntity<com.opendata.global.response.ApiResponse<Boolean>> CheckTourSpot(
-        @RequestParam Long tourSpotId,
+        @PathVariable("tourspotId") Long tourSpotId,
         @AuthenticationPrincipal CustomUserDetails customUserDetails
     );
 }
diff --git a/src/main/java/com/opendata/domain/mypage/controller/MypageController.java b/src/main/java/com/opendata/domain/mypage/controller/MypageController.java
index 2e605c7..748d86b 100644
--- a/src/main/java/com/opendata/domain/mypage/controller/MypageController.java
+++ b/src/main/java/com/opendata/domain/mypage/controller/MypageController.java
@@ -28,10 +28,10 @@ public ResponseEntity<ApiResponse<List<CourseHistoryResponse>>> findCourses(
     ){
         return ResponseEntity.ok(ApiResponse.onSuccess(mypageService.getCourses(customUserDetails)));
     }
-    @PostMapping("/preferences")
+    @PostMapping("/preferences/{tourspotId}")
     public ResponseEntity<ApiResponse<Void>> updateTourSpot(
             @AuthenticationPrincipal CustomUserDetails customUserDetails,
-            @RequestParam Long tourSpotId
+            @PathVariable("tourspotId") Long tourSpotId
     ){
         mypageService.saveUserTourSpot(customUserDetails,tourSpotId);
         return ResponseEntity.ok(ApiResponse.onSuccessVoid());
@@ -42,10 +42,10 @@ public ResponseEntity<ApiResponse<List<TourSpotDetailResponse>>> findTourSpot(
     ){
         return ResponseEntity.ok(ApiResponse.onSuccess(mypageService.getTourSpotDetail(customUserDetails)));
     }
-    @DeleteMapping("/preferences")
+    @DeleteMapping("/preferences/{tourspotId}")
     public ResponseEntity<ApiResponse<Void>> deleteTourSpot(
             @AuthenticationPrincipal CustomUserDetails customUserDetails,
-            @RequestParam Long tourSpotId
+            @PathVariable("tourspotId") Long tourSpotId
     ){
         mypageService.deleteTourSpot(customUserDetails,tourSpotId);
         return ResponseEntity.ok(ApiResponse.onSuccessVoid());
@@ -57,9 +57,9 @@ public ResponseEntity<ApiResponse<UserResponse>> findUser(
         return ResponseEntity.ok(ApiResponse.onSuccess(mypageService.getUser(customUserDetails)));
     }
 
-    @GetMapping("/preferences/check")
+    @GetMapping("/preferences/check/{tourspotId}")
     public ResponseEntity<ApiResponse<Boolean>> CheckTourSpot(
-        @RequestParam Long tourSpotId,
+        @PathVariable("tourspotId") Long tourSpotId,
         @AuthenticationPrincipal CustomUserDetails customUserDetails
     ){
         return ResponseEntity.ok(ApiResponse.onSuccess(mypageService.isPreferenceTourSpot(customUserDetails, tourSpotId)));
diff --git a/src/main/java/com/opendata/domain/tourspot/service/TourSpotRelatedService.java b/src/main/java/com/opendata/domain/tourspot/service/TourSpotRelatedService.java
index d403248..c0535b9 100644
--- a/src/main/java/com/opendata/domain/tourspot/service/TourSpotRelatedService.java
+++ b/src/main/java/com/opendata/domain/tourspot/service/TourSpotRelatedService.java
@@ -32,7 +32,7 @@ public class TourSpotRelatedService {
     private final AddressRepository addressRepository;
     private final TourSpotRelatedRepository tourSpotRelatedRepository;
 
-    @Value("${api.tour_api_congestion_key}")
+    @Value("${api.tour_api_tourspot_key}")
     private String secretKey;
 
 
diff --git a/src/main/java/com/opendata/domain/tourspot/service/TourSpotService.java b/src/main/java/com/opendata/domain/tourspot/service/TourSpotService.java
index 1316454..accc5a7 100644
--- a/src/main/java/com/opendata/domain/tourspot/service/TourSpotService.java
+++ b/src/main/java/com/opendata/domain/tourspot/service/TourSpotService.java
@@ -297,7 +297,7 @@ record Fetch(Address source, TourSpotRelatedDto dto) {}
         }
     }
 
-    //@Scheduled(cron = "0 0 3 * * *", zone = "Asia/Seoul")
+    @Scheduled(cron = "0 5 3 * * *", zone = "Asia/Seoul")
     @Transactional
     public Void updateMonthlyCongestion() {
         List<Address> addressList = addressCache.getAll();
diff --git a/src/main/java/com/opendata/global/config/SecurityConfig.java b/src/main/java/com/opendata/global/config/SecurityConfig.java
index f02a5ef..e7f9401 100644
--- a/src/main/java/com/opendata/global/config/SecurityConfig.java
+++ b/src/main/java/com/opendata/global/config/SecurityConfig.java
@@ -15,6 +15,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -90,11 +91,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         )
                 )
 
-                .authorizeHttpRequests(requests -> requests
-                        .requestMatchers("/oauth2/**","/register/*","/login/oauth2/**", "/swagger-ui/**",    // Swagger UI 관련 경로
-                                "/v3/api-docs/**","/api/tourspot/**", "/course/**","/","/login","/auth").permitAll()
-                        .anyRequest().authenticated()
-                )
+            .authorizeHttpRequests(requests -> requests
+                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+
+                .requestMatchers(
+                    "/oauth2/**","/register/*","/login/oauth2/**",
+                    "/swagger-ui/**","/v3/api-docs/**",
+                    "/api/tourspot/**", "/course/**","/","/login","/auth"
+                ).permitAll()
+
+                .anyRequest().authenticated()
+            )
                 .oauth2Login((oauth2) -> oauth2
                         .authorizationEndpoint(config -> config
                                 .authorizationRequestRepository(cookieAuthorizationRequestRepository) //설정