diff --git a/api/models/token.py b/api/models/token.py
index 84c56496..5e52bf2e 100644
--- a/api/models/token.py
+++ b/api/models/token.py
@@ -51,7 +51,7 @@ class APIUserToken(models.Model):
             if token_obj.valid_until is not None and token_obj.valid_until < _today:
                 raise PermissionError("Token validity expired")
         except ObjectDoesNotExist:
-            raise PermissionError("Credentials invalid")
+            raise PermissionError("Token unknown")
         return token_obj.user
diff --git a/api/views/views.py b/api/views/views.py
index 72ee2779..17755d3f 100644
--- a/api/views/views.py
+++ b/api/views/views.py
@@ -50,14 +50,19 @@ class AbstractAPIView(View):
     def dispatch(self, request, *args, **kwargs):
         try:
             # Fetch the proper user from the given request header token
-            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+            token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
             ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
-            token_user = APIUserToken.get_user_from_token(ksp_token)
-            if ksp_user != token_user.username:
+            if not token and not ksp_user:
+                bearer_token = request.headers.get("authorization", None)
+                if not bearer_token:
+                    raise PermissionError("No token provided")
+                token = bearer_token.split(" ")[1]
+
+            token_user = APIUserToken.get_user_from_token(token)
+            if ksp_user and ksp_user != token_user.username:
                 raise PermissionError(f"Invalid token for {ksp_user}")
-            else:
-                self.user = token_user
+            self.user = token_user
             request.user = self.user
             if not self.user.is_default_user():
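Review bot: The new message `"Token unknown"` in the `except ObjectDoesNotExist` branch makes the failure distinguishable from the `"Token validity expired"` branch a few lines above, so if these messages reach the HTTP client (the handler is outside this hunk, so I cannot confirm), an unauthenticated caller can tell whether a guessed token exists versus has lapsed. If the distinction is meant for operators, consider logging the specific reason server-side and keeping one uniform client-facing message, e.g. `raise PermissionError("Credentials invalid")` here and `raise PermissionError("Credentials invalid")` for the expiry case. The enclosing `get_user_from_token` method starts outside the hunk.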
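Review bot: `token = bearer_token.split(" ")[1]` raises `IndexError` on any `Authorization` value without a space (a bare scheme, or a raw token), and it never checks that the scheme is actually `Bearer`, so `Basic <credentials>` would be passed to `get_user_from_token` as if it were a token; since the surrounding `try` appears to target `PermissionError`, the `IndexError` would presumably surface as a 500 rather than a 401/403 (the `except` clause is outside the hunk). Replace it with `scheme, _, token = bearer_token.partition(" ")` followed by `if scheme.lower() != "bearer" or not token:` and `raise PermissionError("No token provided")`. Separately, the fallback is only reached when neither custom header is set, so a request carrying `KSP_USER_HEADER_IDENTIFIER` without the token header still calls `get_user_from_token(None)`; worth a short comment on the `if not token and not ksp_user:` line stating that the KSP headers take precedence and the bearer path is only the no-header case. `dispatch` continues past the end of the hunk.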