diff --git a/applications/api.moon b/applications/api.moon
index 7f57185..16dbcb7 100644
--- a/applications/api.moon
+++ b/applications/api.moon
@@ -12,17 +12,17 @@ class API extends Application
   @name: "api_"
 
   @before_filter( api_request =>
-    -- TODO implement Authorization: api_key VALUE as acceptable method to send api_key
-    abort "api_key not specified." unless @params.api_key -- this does not seem to be triggering!!!
+    return if @user
+    if auth = @req.headers["authorization"]
+      if auth\len! > 0
+        @params.api_key = auth
+    abort "api_key not specified." unless @params.api_key
     @api_key = APIKeys\find key: @params.api_key
     abort "Invalid api_key" unless @api_key
     @user = Users\find id: @api_key.user_id
     abort "Invalid api_key." unless @user -- NOTE this should also delete the api_key and error (this should never happen!)
   )
 
-  [err_test: "/err"]: api_request =>
-    error "this is a testing error"
-
   [new: "/new"]: api_request =>
     assert_valid @params, {
       {"content", exists: true, min_length: 1, "Task content not specified."}