diff --git a/src/events/http/Http.js b/src/events/http/Http.js
index 6054dd9bb..3362276ea 100644
--- a/src/events/http/Http.js
+++ b/src/events/http/Http.js
@@ -1,18 +1,11 @@
-import { log } from '@serverless/utils/log.js'
 import HttpEventDefinition from './HttpEventDefinition.js'
 import HttpServer from './HttpServer.js'
-import { orange } from '../../config/colors.js'
 
 export default class Http {
-  #hasPrivateHttpEvent = false
-
   #httpServer = null
 
-  #options = null
-
   constructor(serverless, options, lambda) {
     this.#httpServer = new HttpServer(serverless, options, lambda)
-    this.#options = options
   }
 
   start() {
@@ -37,32 +30,8 @@ export default class Http {
   create(events) {
     events.forEach(({ functionKey, handler, http }) => {
       this.#createEvent(functionKey, http, handler)
-
-      if (http.private) {
-        this.#hasPrivateHttpEvent = true
-      }
     })
 
-    if (this.#hasPrivateHttpEvent) {
-      if (this.#options.apiKey) {
-        log.notice()
-        log.warning(
-          orange(`'--apiKey' is deprecated and will be removed in the next major version.
-  Please define the apiKey value in the 'provider.apiGateway.apiKeys' section of the serverless config.
-  If you are experiencing any issues please let us know: https://github.com/dherault/serverless-offline/issues`),
-        )
-        log.notice()
-      }
-
-      if (this.#options.noAuth) {
-        log.notice(
-          `Authorizers are turned off. You do not need to use 'x-api-key' header.`,
-        )
-      } else {
-        log.notice(`Remember to use 'x-api-key' on the request headers.`)
-      }
-    }
-
     this.#httpServer.writeRoutesTerminal()
   }
 
diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js
index 70b945e96..bc46d976b 100644
--- a/src/events/http/HttpServer.js
+++ b/src/events/http/HttpServer.js
@@ -20,6 +20,7 @@ import {
 import LambdaProxyIntegrationEventV2 from './lambda-events/LambdaProxyIntegrationEventV2.js'
 import parseResources from './parseResources.js'
 import payloadSchemaValidator from './payloadSchemaValidator.js'
+import { orange } from '../../config/colors.js'
 import logRoutes from '../../utils/logRoutes.js'
 import {
   createApiKey,
@@ -37,6 +38,8 @@ const { assign, entries, keys } = Object
 export default class HttpServer {
   #apiKeysValues = null
 
+  #hasPrivateHttpEvent = false
+
   #lambda = null
 
   #options = null
@@ -893,12 +896,34 @@ export default class HttpServer {
   }
 
   createRoutes(functionKey, httpEvent, handler) {
-    if (httpEvent.private && this.#apiKeysValues.size === 0) {
-      const apiKey = this.#options.apiKey ?? createApiKey()
+    if (!this.#hasPrivateHttpEvent && httpEvent.private) {
+      this.#hasPrivateHttpEvent = true
+
+      if (this.#options.apiKey) {
+        log.notice()
+        log.warning(
+          orange(`'--apiKey' is deprecated and will be removed in the next major version.
+  Please define the apiKey value in the 'provider.apiGateway.apiKeys' section of the serverless config.
+  If you are experiencing any issues please let us know: https://github.com/dherault/serverless-offline/issues`),
+        )
+        log.notice()
+      }
+
+      if (this.#options.noAuth) {
+        log.notice(
+          `Authorizers are turned off. You do not need to use 'x-api-key' header.`,
+        )
+      } else {
+        log.notice(`Remember to use 'x-api-key' on the request headers.`)
+      }
+
+      if (this.#apiKeysValues.size === 0) {
+        const apiKey = this.#options.apiKey ?? createApiKey()
 
-      log.notice(`Key with token: ${apiKey}`)
+        log.notice(`Key with token: ${apiKey}`)
 
-      this.#apiKeysValues.add(apiKey)
+        this.#apiKeysValues.add(apiKey)
+      }
     }
 
     let method