diff --git a/backend/src/main/kotlin/plugins/HTTP.kt b/backend/src/main/kotlin/plugins/HTTP.kt
index 7a2b5f1..e09be68 100644
--- a/backend/src/main/kotlin/plugins/HTTP.kt
+++ b/backend/src/main/kotlin/plugins/HTTP.kt
@@ -12,6 +12,7 @@ fun Application.configureHTTP() {
 allowMethod(HttpMethod.Put)
 allowMethod(HttpMethod.Patch)
 allowMethod(HttpMethod.Delete)
+ allowHeader(HttpHeaders.Authorization)
 anyHost() // @TODO: Don't do this in production if possible. Try to limit it.
 }
 install(Compression)
diff --git a/backend/src/main/kotlin/plugins/Security.kt b/backend/src/main/kotlin/plugins/Security.kt
index cb47fb8..9237cf7 100644
--- a/backend/src/main/kotlin/plugins/Security.kt
+++ b/backend/src/main/kotlin/plugins/Security.kt
@@ -8,11 +8,13 @@ fun Application.configureSecurity(dotenv: Dotenv) {
 val apiKey = dotenv["API_KEY"] ?: throw Exception("API_KEY not found")
 authentication {
- basic {
- realm = "ktor"
- validate { credentials ->
- if (credentials.name == "admin" && credentials.password == apiKey) {
- UserIdPrincipal(credentials.name)
+ bearer {
+ realm = "/"
+ authenticate { credential ->
+ println("received: '${credential.token}'")
+ println("expected: '${apiKey}'")
+ if (credential.token == apiKey) {
+ UserIdPrincipal("admin")
 } else {
 null
 }
diff --git a/backend/src/main/kotlin/routes/Auth.kt b/backend/src/main/kotlin/routes/Auth.kt
index 9110160..e398c2f 100644
--- a/backend/src/main/kotlin/routes/Auth.kt
+++ b/backend/src/main/kotlin/routes/Auth.kt
@@ -4,7 +4,9 @@ import dev.svitan.services.AuthService
 import dev.svitan.services.NewAuthDTO
 import io.ktor.http.HttpStatusCode
 import io.ktor.server.application.Application
+import io.ktor.server.auth.UserIdPrincipal
 import io.ktor.server.auth.authentication
+import io.ktor.server.auth.principal
 import io.ktor.server.plugins.BadRequestException
 import io.ktor.server.plugins.NotFoundException
 import io.ktor.server.request.receive
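Review bot: Allowing the `Authorization` header on the CORS plugin while `anyHost()` is still in place means the browser preflight now succeeds for every origin, so the wildcard CORS policy is no longer limited to unauthenticated requests; the existing @TODO on the `anyHost()` line has become more pressing with this addition. Before this reaches production, replace `anyHost()` with `allowHost("<frontend-origin-placeholder>")` (plus the schemes the front end actually uses) so only the origins that legitimately carry the token are allowed. The `install(CORS)` block that this hunk sits inside begins before the hunk.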
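Review bot: The two `println` calls added in the new `authenticate` block write both the presented token and the configured `API_KEY` to stdout on every authentication attempt, so the secret lands in plaintext in process output and any log collector attached to it; remove `println("received: '${credential.token}'")` and `println("expected: '${apiKey}'")` before merging, and if a trace of failed attempts is wanted, log only the outcome without either value. The comparison `credential.token == apiKey` is ordinary String equality, which returns at the first differing character; if a constant-time check is preferred for the static key, `MessageDigest.isEqual(credential.token.toByteArray(), apiKey.toByteArray())` from `java.security` does that without changing the rest of the block. `configureSecurity` starts before this hunk and the `bearer` block continues past its last context line.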
@@ -16,6 +18,7 @@ fun Application.routeAuth() {
 routing {
 authentication {
 get("/auth") {
+ println("Hello ${call.principal()?.name}")
 call.respond(AuthService.readAll())
 }