diff --git a/supabase/functions/send-bill-approval-invites/index.ts b/supabase/functions/send-bill-approval-invites/index.ts
index 1d8eab6..788bcff 100644
--- a/supabase/functions/send-bill-approval-invites/index.ts
+++ b/supabase/functions/send-bill-approval-invites/index.ts
@@ -118,6 +118,10 @@ serve(async (req) => {
         const denyLink = `${reviewLink}&action=deny`;
 
         const { error: sendErr } = await admin.functions.invoke("send-transactional-email", {
+          // Explicit Authorization header — supabase-js doesn't reliably
+          // forward the service-role apikey when one edge function invokes
+          // another, so verify_jwt on the inner function returns 401.
+          headers: { Authorization: `Bearer ${serviceKey}` },
           body: {
             templateName: "bill-approval-vote-invite",
             recipientEmail: m.member_email,