diff --git a/h/security/policy/_api_cookie.py b/h/security/policy/_api_cookie.py
index b53170eae10..d3ce392bd7b 100644
--- a/h/security/policy/_api_cookie.py
+++ b/h/security/policy/_api_cookie.py
@@ -8,7 +8,9 @@
 COOKIE_AUTHENTICATABLE_API_REQUESTS = [
     ("api.groups", "POST"),  # Create a new group.
     ("api.group", "PATCH"),  # Edit an existing group.
-    ("api.group_members", "GET"),  # List group members
+    ("api.group_members", "GET"),  # List group members.
+    ("api.group_member", "PATCH"),  # Edit group membership.
+    ("api.group_member", "DELETE"),  # Remove group member.
 ]