diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts
index aa212f8a1b..fe62bc2c9c 100644
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
@@ -50,11 +50,20 @@ export async function createServiceForHost<T extends ServiceClass>(
   return createClientFor<T>(service)(transport);
 }
 
+/**
+ * Extracts the service url and region from the headers if used in a multitenant context (x-zitadel-forward-host, x-zitade-region header)
+ * or falls back to the ZITADEL_API_URL for a self hosting deployment
+ * or falls back to the host header for a self hosting deployment using custom domains
+ * @param headers
+ * @returns the service url and region from the headers
+ * @throws if the service url could not be determined
+ *
+ */
 export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
   serviceUrl: string;
   serviceRegion: string;
 } {
-  let instanceUrl: string = process.env.ZITADEL_API_URL;
+  let instanceUrl;
 
   const forwardedHost = headers.get("x-zitadel-forward-host");
   // use the forwarded host if available (multitenant), otherwise fall back to the host of the deployment itself
@@ -63,6 +72,8 @@ export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
     instanceUrl = instanceUrl.startsWith("https://")
       ? instanceUrl
       : `https://${instanceUrl}`;
+  } else if (process.env.ZITADEL_API_URL) {
+    instanceUrl = process.env.ZITADEL_API_URL;
   } else {
     const host = headers.get("host");
 
@@ -74,6 +85,10 @@ export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
     }
   }
 
+  if (!instanceUrl) {
+    throw new Error("Service URL could not be determined");
+  }
+
   return {
     serviceUrl: instanceUrl,
     serviceRegion: headers.get("x-zitadel-region") || "",