diff --git a/api/routes/security.py b/api/routes/security.py
index 6d1c84d..dedfa3a 100644
--- a/api/routes/security.py
+++ b/api/routes/security.py
@@ -72,7 +72,7 @@ async def __call__(self, request: Request) -> Optional[str]:
         authorization = request.cookies.get(access_token_key)
         if authorization is None:
             # Use the header if the cookie isn't set
-            authorization = request.headers.get("Authorization")
+            authorization = request.headers.get(access_token_key)
 
         scheme, param = get_authorization_scheme_param(authorization)
         if not authorization or scheme.lower() != "bearer":