diff --git a/ninetofiver/authentication.py b/ninetofiver/authentication.py
index 8687661..50d0a7e 100644
--- a/ninetofiver/authentication.py
+++ b/ninetofiver/authentication.py
@@ -10,29 +10,29 @@ class ApiKeyAuthentication(BaseTokenAuthentication):
 model = models.ApiKey
- def authenticate(self, request):
- """Authenticate the request."""
- token = request.GET.get('api_key', None)
-
- if not token:
- auth = get_authorization_header(request).split()
-
- if auth and auth[0].lower() == self.keyword.lower().encode():
- if len(auth) == 1:
- msg = _('Invalid token header. No credentials provided.')
- raise exceptions.AuthenticationFailed(msg)
- elif len(auth) > 2:
- msg = _('Invalid token header. Token string should not contain spaces.')
- raise exceptions.AuthenticationFailed(msg)
-
- try:
- token = auth[1].decode()
- except UnicodeError:
- msg = _('Invalid token header. Token string should not contain invalid characters.')
- raise exceptions.AuthenticationFailed(msg)
-
- if not token:
- msg = _('Invalid token. No credentials provided.')
+ def authenticate(self, request):
+
+ # removed the following to prevent the use of query parameters for api_key
+ # token = request.GET.get('api_key', None)
+
+ """Authenticate the request."""
+ auth = get_authorization_header(request).split()
+
+ if not auth or auth[0].lower() != self.keyword.lower().encode():
+ msg = _('Invalid token header. No credentials provided.')
+ raise exceptions.AuthenticationFailed(msg)
+
+ if len(auth) == 1:
+ msg = _('Invalid token header. No credentials provided.')
+ raise exceptions.AuthenticationFailed(msg)
+ elif len(auth) > 2:
+ msg = _('Invalid token header. Token string should not contain spaces.')
+ raise exceptions.AuthenticationFailed(msg)
+
+ try:
+ token = auth[1].decode()
+ except UnicodeError:
+ msg = _('Invalid token header. Token string should not contain invalid characters.')
 raise exceptions.AuthenticationFailed(msg)
 res = self.authenticate_credentials(token)
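Review bot: The new `authenticate` keeps the removed query-parameter lookup as two commented-out lines ahead of the docstring, so the reason for the change lives in dead code rather than in the function's contract; drop the `#` lines (history already records the removal) and state the policy in the docstring, e.g. `"""Authenticate via the Authorization header only; an api_key query parameter is deliberately not accepted, because URLs are recorded in server logs, proxies and browser history."""`. Separately, the new first guard raises `AuthenticationFailed` when the header is absent or carries a different scheme, whereas the DRF token-authentication convention (which `BaseTokenAuthentication` presumably follows) is to `return None` there so that other configured authentication classes get a turn and unauthenticated requests to permission-open views are not rejected outright — worth confirming against how this class is combined in the project's authentication settings. The same 'Invalid token header. No credentials provided.' message is now raised from two different conditions (no/other scheme vs. scheme without a token), which makes failures harder to tell apart in logs. The body of `authenticate` continues past the hunk.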
@@ -42,4 +42,4 @@ def authenticate(self, request):
 msg = _('The token provided is only valid for read-only requests.')
 raise exceptions.AuthenticationFailed(msg)
- return res
\ No newline at end of file
+ return res