diff --git a/app/Http/Middleware/AuthenticateOAuth.php b/app/Http/Middleware/AuthenticateOAuth.php
index e0afa8fd..aecde626 100644
--- a/app/Http/Middleware/AuthenticateOAuth.php
+++ b/app/Http/Middleware/AuthenticateOAuth.php
@@ -64,7 +64,7 @@ class AuthenticateOAuth
     public function handle(Request $request, Closure $next, $requiredScope)
     {
         // Ensure this is a valid OAuth client.
-        $accessToken = $request->get('access_token');
+        $accessToken = $this->determineAccessToken($request, false);
 
         // check that access token is valid at Poniverse.net
         $accessTokenInfo = $this->poniverse->getAccessTokenInfo($accessToken);
@@ -88,4 +88,20 @@ class AuthenticateOAuth
 
         return $next($request);
     }
+
+
+    private function determineAccessToken(Request $request, $headerOnly = true)
+    {
+        $header = $request->header('Authorization');
+
+        if ($header !== null && substr($header, 0, 7) === 'Bearer ') {
+            return trim(substr($header, 7));
+        }
+
+        if ($headerOnly) {
+            return null;
+        }
+
+        return $request->get('access_token');
+    }
 }
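Review bot: The single call site in handle() passes `false`, so `determineAccessToken` still falls through to `$request->get('access_token')` and the middleware keeps accepting bearer tokens from the query string, where they end up in access logs, proxies and Referer headers; the new `$headerOnly = true` default does nothing here. Unless existing clients are known to send the token as a URL parameter, the call should be `$accessToken = $this->determineAccessToken($request);`, and if the fallback must stay, it should at least be documented as a deprecated path with a comment such as `// TODO: drop query-string tokens once all clients send Authorization: Bearer`. Two smaller points in the helper: the scheme name is case-insensitive under the HTTP auth framework, so `if ($header !== null && strncasecmp($header, 'Bearer ', 7) === 0) {` is more robust than the exact `substr` comparison, and a header of just `Bearer ` currently yields an empty-string token that is sent to getAccessTokenInfo; returning `null` when the trimmed value is empty would keep the "no token" case uniform. handle()'s body continues outside the first hunk, so whether a null/empty token is rejected before the remote lookup cannot be confirmed from here.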