diff --git a/Cargo.lock b/Cargo.lock
index a6d9d3a5..1671aa08 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2190,7 +2190,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.12.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "assign",
  "js_int",
@@ -2201,7 +2201,6 @@ dependencies = [
  "ruma-events",
  "ruma-federation-api",
  "ruma-push-gateway-api",
- "ruma-server-util",
  "ruma-signatures",
  "ruma-state-res",
  "web-time",
@@ -2210,7 +2209,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.12.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2222,7 +2221,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.20.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "as_variant",
  "assign",
@@ -2245,7 +2244,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.15.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -2276,7 +2275,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.30.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "as_variant",
  "indexmap 2.2.6",
@@ -2299,10 +2298,12 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.11.0"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "bytes",
+ "headers",
  "http 1.1.0",
+ "http-auth",
  "httparse",
  "js_int",
  "memchr",
@@ -2312,12 +2313,14 @@ dependencies = [
  "ruma-events",
  "serde",
  "serde_json",
+ "thiserror 2.0.11",
+ "tracing",
 ]
 
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.10.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "js_int",
  "thiserror 2.0.11",
@@ -2326,7 +2329,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.15.1"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "cfg-if",
  "proc-macro-crate",
@@ -2341,7 +2344,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.11.0"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2350,23 +2353,10 @@ dependencies = [
  "serde_json",
 ]
 
-[[package]]
-name = "ruma-server-util"
-version = "0.5.0"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
-dependencies = [
- "headers",
- "http 1.1.0",
- "http-auth",
- "ruma-common",
- "thiserror 2.0.11",
- "tracing",
-]
-
 [[package]]
 name = "ruma-signatures"
 version = "0.17.0"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -2382,7 +2372,7 @@ dependencies = [
 [[package]]
 name = "ruma-state-res"
 version = "0.13.0"
-source = "git+https://github.com/ruma/ruma.git#9e6099161d4ed295e694fa0d5de2b28a23840a4f"
+source = "git+https://github.com/ruma/ruma.git#7c03b554c0d3e8b0a27fc0fadba36a4d636935d3"
 dependencies = [
  "js_int",
  "ruma-common",
diff --git a/Cargo.toml b/Cargo.toml
index e5fbd41a..345fba60 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -160,7 +160,6 @@ features = [
   "push-gateway-api-c",
   "rand",
   "ring-compat",
-  "server-util",
   "state-res",
   "unstable-msc2448",
   "unstable-msc3575",
diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs
index 2c5da21b..dd755f64 100644
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@@ -15,8 +15,10 @@ use axum_extra::{
 use bytes::{BufMut, BytesMut};
 use http::{Request, StatusCode};
 use ruma::{
-    api::{client::error::ErrorKind, AuthScheme, IncomingRequest, OutgoingResponse},
-    server_util::authorization::XMatrix,
+    api::{
+        client::error::ErrorKind, federation::authentication::XMatrix, AuthScheme, IncomingRequest,
+        OutgoingResponse,
+    },
     CanonicalJsonValue, MilliSecondsSinceUnixEpoch, OwnedDeviceId, OwnedUserId, UserId,
 };
 use serde::Deserialize;
@@ -110,7 +112,10 @@ where
                         ));
                     }
                 }
-                (AuthScheme::AccessToken, Token::Appservice(info)) => {
+                (
+                    AuthScheme::AccessToken | AuthScheme::AppserviceToken,
+                    Token::Appservice(info),
+                ) => {
                     let user_id = query_params
                         .user_id
                         .map_or_else(
@@ -144,11 +149,11 @@ where
                 }
                 (
                     AuthScheme::None
-                    | AuthScheme::AppserviceToken
+                    | AuthScheme::AppserviceTokenOptional
                     | AuthScheme::AccessTokenOptional,
                     Token::Appservice(info),
                 ) => (None, None, None, Some(*info)),
-                (AuthScheme::AccessToken, Token::None) => {
+                (AuthScheme::AppserviceToken | AuthScheme::AccessToken, Token::None) => {
                     return Err(Error::BadRequest(
                         ErrorKind::MissingToken,
                         "Missing access token.",
@@ -287,7 +292,7 @@ where
                 }
                 (
                     AuthScheme::None
-                    | AuthScheme::AppserviceToken
+                    | AuthScheme::AppserviceTokenOptional
                     | AuthScheme::AccessTokenOptional,
                     Token::None,
                 ) => (None, None, None, None),
@@ -297,7 +302,10 @@ where
                         "Only server signatures should be used on this endpoint.",
                     ));
                 }
-                (AuthScheme::AppserviceToken, Token::User(_)) => {
+                (
+                    AuthScheme::AppserviceToken | AuthScheme::AppserviceTokenOptional,
+                    Token::User(_),
+                ) => {
                     return Err(Error::BadRequest(
                         ErrorKind::Unauthorized,
                         "Only appservice access tokens should be used on this endpoint.",