diff --git a/include/user.inc.php b/include/user.inc.php
index ded889409..daf835976 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -59,12 +59,12 @@ if (isset($_GET['auth']))
 // HTTP_AUTHORIZATION api_key
 if (
   defined('IN_WS')
-  and isset($_SERVER['HTTP_AUTHORIZATION'])
-  and !empty($_SERVER['HTTP_AUTHORIZATION']) 
+  and isset($_SERVER['HTTP_X_PIWIGO_API'])
+  and !empty($_SERVER['HTTP_X_PIWIGO_API']) 
   and isset($_REQUEST['method'])
 )
 {
-  $auth_header = pwg_db_real_escape_string($_SERVER['HTTP_AUTHORIZATION']) ?? null;
+  $auth_header = pwg_db_real_escape_string($_SERVER['HTTP_X_PIWIGO_API']) ?? null;
   
   if ($auth_header)
   {
diff --git a/tools/ws.htm b/tools/ws.htm
index 7c52683a9..28e4eac0d 100644
--- a/tools/ws.htm
+++ b/tools/ws.htm
@@ -125,7 +125,7 @@
                 <div class="card-content">
 
                   <div class="header-setting">
-                    <p class="header-label">Authorization:</p>
+                    <p class="header-label">X-PIWIGO-API:</p>
                     <p class="header-warning">Doesn't work when you use "INVOKE (new window)"</p>
                     <input type="text" id="apiKey" placeholder="pkid-xxxxxxxx-xxxxxxxxxxxxxxxxxxxx:yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" />
                   </div>
diff --git a/tools/ws/ws.js b/tools/ws/ws.js
index 7f00b0d83..86f6607c8 100644
--- a/tools/ws/ws.js
+++ b/tools/ws/ws.js
@@ -346,7 +346,7 @@ $(() => {
         if (!useCookie) {
             fetchOption.credentials = 'omit';
             fetchOption.headers = {
-                Authorization: authorization
+                "X-PIWIGO-API": authorization
             }
         }