diff --git a/middleware/middleware.go b/middleware/middleware.go
index 0ad5e33e..817ca16d 100644
--- a/middleware/middleware.go
+++ b/middleware/middleware.go
@@ -71,8 +71,7 @@ func GetContext(handler http.Handler) http.HandlerFunc {
 }
 }
 
-// RequireAPIKey ensures that a valid API key is set as either the api_key GET
-// parameter, or a Bearer token.
+// RequireAPIKey ensures that a valid API key or login cookie is set
 func RequireAPIKey(handler http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -84,13 +83,11 @@ func RequireAPIKey(handler http.Handler) http.Handler {
 }
 r.ParseForm()
 ak := r.Form.Get("api_key")
- // If we can't get the API key, we'll also check for the
- // Authorization Bearer token
+ // If we can't get the API key, we'll also check if user is logged in
+ // via the web interface
 if ak == "" {
- tokens, ok := r.Header["Authorization"]
- if ok && len(tokens) >= 1 {
- ak = tokens[0]
- ak = strings.TrimPrefix(ak, "Bearer ")
+ if u := ctx.Get(r, "user"); u != nil {
+ ak = u.(models.User).ApiKey
 }
 }
 if ak == "" {
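Review bot: The session fallback added inside the first `if ak == "" {` lets a browser's login state authenticate API requests, and nothing visible in this hunk ties that path to a CSRF token check, so unless CSRF protection wraps these routes elsewhere, a cross-site request from a logged-in user's browser would be treated as that user's API call. The handler still sets `Access-Control-Allow-Origin: *` (context lines of the first hunk), which suited key-only authentication but should be revisited or at least commented now that ambient credentials are honoured. Separately, `u.(models.User)` is an unchecked type assertion and will panic if the context ever holds another type such as `*models.User`; assuming `ctx.Get` returns an interface value, prefer `if u, ok := ctx.Get(r, "user").(models.User); ok { ak = u.ApiKey }`. The new doc comment should also say that the `Authorization` header is no longer read, since existing Bearer-token clients will now be rejected. RequireAPIKey's body starts before and continues past this hunk, so the later key lookup is not visible here.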