diff --git a/lib/vidmoly-upload.js b/lib/vidmoly-upload.js
index a415730..6296587 100644
--- a/lib/vidmoly-upload.js
+++ b/lib/vidmoly-upload.js
@@ -111,20 +111,19 @@ class VidmolyUploader {
       throw new Error('Vidmoly Login fehlgeschlagen: Falscher Username oder Passwort');
     }
 
-    // Verify session by hitting the new SPA dashboard at /my. On the old XFS
-    // site the login page included a <form name="password">; the SPA dashboard
-    // doesn't contain that form when the session is valid (it's rendered by
-    // JS), so the absence of a password field + presence of any known marker
-    // (Dashboard / Logout / the user's own username) indicates we're in.
+    // Verify by directly probing the upload-config API. If we get a valid
+    // JSON with sess_id/upload_url back, we're in. This is the only thing
+    // we actually need to work, so check it up front instead of guessing
+    // from SPA HTML markers.
     if (this.cookies.size === 0) {
       throw new Error('Vidmoly Login fehlgeschlagen: Keine Session erhalten');
     }
-    const verifyRes = await this._fetch(`${BASE_URL}/my`);
-    const verifyBody = await verifyRes.text();
-    const hasPasswordForm = /<form[^>]*>[\s\S]{0,800}?name=["']password["']/i.test(verifyBody);
-    const hasDashboardMarker = /(?:Dashboard|Video[- ]Manager|Logout|dashboard|my[_ -]?(account|files))/i.test(verifyBody);
-    if (hasPasswordForm || !hasDashboardMarker) {
-      throw new Error('Vidmoly Login fehlgeschlagen: Session konnte nicht verifiziert werden');
+    const probe = await this._fetch(`${BASE_URL}/api/upload/config`);
+    const probeBody = await probe.text();
+    let probeJson = null;
+    try { probeJson = JSON.parse(probeBody); } catch {}
+    if (!probeJson || !probeJson.sess_id || !probeJson.upload_url) {
+      throw new Error('Vidmoly Login fehlgeschlagen: Session konnte nicht verifiziert werden (API-Probe)');
     }
   }