diff --git a/common/api.py b/common/api.py
index fa4f7f16..1f4415ff 100644
--- a/common/api.py
+++ b/common/api.py
@@ -23,7 +23,7 @@ def authenticate(self, request, token) -> bool:
             _logger.debug("API auth: no access token or user not authenticated")
             return False
         request_scopes = []
-        request_method = request.method.upper()
+        request_method = request.method
         if request_method in PERMITTED_READ_METHODS:
             request_scopes = ["read"]
         elif request_method in PERMITTED_WRITE_METHODS: