diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bcd96a0..e170a4ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,4 @@
+* Allow using an HTTP header for auth [Pablo]
 * Add iptables rules to block requests to the supervisor API from all interfaces except vpn, docker and local [Pablo]
 # v1.13.2
diff --git a/src/api.coffee b/src/api.coffee
index f118dce2..5a2843ce 100644
--- a/src/api.coffee
+++ b/src/api.coffee
@@ -17,9 +17,15 @@ module.exports = (application) ->
 parsedRouter.use(bodyParser())
 api.use (req, res, next) ->
+ queryKey = req.query.apikey
+ header = req.get('Authorization') ? ''
+ match = header.match(/^ApiKey (\w+)$/)
+ headerKey = match?[1]
 utils.getOrGenerateSecret('api')
 .then (secret) ->
- if bufferEq(new Buffer(req.query.apikey), new Buffer(secret))
+ if queryKey? && bufferEq(new Buffer(queryKey), new Buffer(secret))
+ next()
+ else if headerKey? && bufferEq(new Buffer(headerKey), new Buffer(secret))
 next()
 else
 res.sendStatus(401)
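Review bot: In the `api.use` middleware, `queryKey?` only rules out null/undefined, so a non-string `req.query.apikey` still reaches `new Buffer(queryKey)`; the query parser may produce an array or object for repeated or bracketed parameters, and the Buffer constructor will then either treat the value as raw bytes or throw inside the `.then` callback. I would gate the first branch on the type, `if typeof queryKey is 'string' && bufferEq(new Buffer(queryKey), new Buffer(secret))`. No rejection handler is visible in this hunk (the chain may continue below it), so it is worth confirming that a throw or a failed `getOrGenerateSecret` ends in an explicit 401/500 rather than an unanswered request. Separately, `/^ApiKey (\w+)$/` rejects any key containing characters outside `[A-Za-z0-9_]`, so a comment above the regex such as `# secret is assumed to be [A-Za-z0-9_] only; keep in sync with getOrGenerateSecret` would make that constraint explicit.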