diff --git a/api/auth.go b/api/auth.go
index baf647d..6dbb074 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"strings"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/mux"
@@ -56,26 +57,17 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Even though writeJSON sets the content type, we need to set it here because
 	// calls to WriteHeader write out the entire header.
 	w.Header().Set("content-type", "application/json; charset=utf-8")
-	tokenCookie, err := r.Cookie(tokenName)
-	switch {
-	case err == http.ErrNoCookie:
-		w.WriteHeader(http.StatusUnauthorized)
-		writeJSON(w, Error{errPleaseLogIn})
-		return
-	case err != nil:
-		w.WriteHeader(http.StatusInternalServerError)
-		writeJSON(w, Error{errWhileParsingCookie})
-		return
-	}
-	if tokenCookie.Value == "" {
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
 		w.WriteHeader(http.StatusUnauthorized)
 		writeJSON(w, Error{errPleaseLogIn})
 		return
 	}
+	s := strings.Split(authHeader, " ")
 	// Validate the token
-	token, err := jwt.Parse(tokenCookie.Value, func(token *jwt.Token) (interface{}, error) {
+	token, err := jwt.Parse(s[1], func(token *jwt.Token) (interface{}, error) {
 		return verifyKey, nil
 	})
diff --git a/api/server_for_test.go b/api/server_for_test.go
index 04b9d78..f5f9361 100644
--- a/api/server_for_test.go
+++ b/api/server_for_test.go
@@ -2,9 +2,10 @@ package api
 import (
 	"bytes"
+	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http"
-	"net/http/cookiejar"
 	"net/http/httptest"
 	"net/url"
@@ -18,13 +19,12 @@ func init() {
 }
 var (
-	serveMux = http.NewServeMux()
-	cookieJar, _ = cookiejar.New(nil)
-	httpClient = http.Client{
+	serveMux = http.NewServeMux()
+	httpClient = http.Client{
 		Transport: (*muxTransport)(serveMux),
-		Jar: cookieJar,
 	}
 	apiClient = models.NewClient(&httpClient)
+	testToken models.UserSession
 )
 func setup() {
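Review bot: `s[1]` on the jwt.Parse line indexes the result of `strings.Split(authHeader, " ")` without checking its length, so any request whose Authorization header contains no space makes the handler panic (net/http recovers it, but the request dies with a stack trace instead of a clean 401), and a header of `Bearer` followed by nothing hands jwt.Parse an empty string. The scheme in `s[0]` is never compared with Bearer either, so any prefix word is accepted. Replacing the split and adding a length/scheme guard as below keeps the 401 path uniform; the keyfunc on the following lines still returns verifyKey without inspecting token.Method, which is pre-existing but worth confirming is pinned elsewhere, since jwt-go otherwise selects the verification method from the token's own header. ServeHTTP begins before the hunk and continues after it.
```go
	s := strings.SplitN(authHeader, " ", 2)
	if len(s) != 2 || !strings.EqualFold(s[0], "Bearer") || s[1] == "" {
		w.WriteHeader(http.StatusUnauthorized)
		writeJSON(w, Error{errPleaseLogIn})
		return
	}
	// … unchanged: jwt.Parse(s[1], …) and the rest of ServeHTTP …
```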
@@ -34,6 +34,10 @@ func setup() {
 	resp, _ := httpClient.PostForm(u.String(), url.Values{"username": {"test_user"}, "password": {"password"}})
 	defer resp.Body.Close()
+
+	if err := json.NewDecoder(resp.Body).Decode(&testToken); err != nil {
+		panic(err)
+	}
 }
 type muxTransport http.ServeMux
@@ -43,6 +47,7 @@ type muxTransport http.ServeMux
 func (t *muxTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	rw := httptest.NewRecorder()
 	rw.Body = new(bytes.Buffer)
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", testToken.Token))
 	(*http.ServeMux)(t).ServeHTTP(rw, req)
 	return &http.Response{
 		StatusCode: rw.Code,
diff --git a/api/users.go b/api/users.go
index c354275..c53f5c5 100644
--- a/api/users.go
+++ b/api/users.go
@@ -68,6 +68,7 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 	user_session, err := store.Users.Authenticate(username, password)
 	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
 		return err
 	}
@@ -77,16 +78,10 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 	t.Claims["exp"] = time.Now().Add(time.Minute * 1).Unix()
 	tokenString, err := t.SignedString(signKey)
 	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
+		w.WriteHeader(http.StatusUnauthorized)
 		return err
 	}
-
-	http.SetCookie(w, &http.Cookie{
-		Name: tokenName,
-		Value: tokenString,
-		Path: "/",
-		RawExpires: "0",
-	})
+	user_session.Token = tokenString
 	return writeJSON(w, user_session)
 }
diff --git a/models/users.go b/models/users.go
index 5a95df1..3b23b35 100644
--- a/models/users.go
+++ b/models/users.go
@@ -53,6 +53,7 @@ type UsersService interface {
 }
 type UserSession struct {
+	Token string `json:"token"`
 	AccessLevel string `json:"access_level"`
 	Genus string `json:"genus"`
 }
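Review bot: The new decode in setup never checks resp.StatusCode, so a failed login (which the users.go change now answers with 401 and, presumably, an Error JSON body) decodes into an empty UserSession without error and every later test request silently goes out with an empty bearer token. Add a status guard before the decode: `if resp.StatusCode != http.StatusOK { panic(fmt.Sprintf("test login returned %d", resp.StatusCode)) }`. The ignored error from `httpClient.PostForm` on the context line above is pre-existing but makes the `defer resp.Body.Close()` a nil dereference when the call fails.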
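Review bot: The added `req.Header.Set` in RoundTrip mutates the caller's request, which the http.RoundTripper contract says an implementation must not do beyond consuming the body, and it runs for every request including the login POST issued from setup before testToken is populated, so that request carries a literal `Bearer ` with no token. Setting the header only when a token exists and avoiding fmt for a plain concatenation is enough here: `if testToken.Token != "" { req.Header.Set("Authorization", "Bearer "+testToken.Token) }`, which also makes the new fmt import unnecessary. If the mutation is kept deliberately, a comment on the line saying this transport is test-only and intentionally injects the credential would save the next reader the question.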
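Review bot: In the second users.go hunk the status written when `t.SignedString(signKey)` fails changes from 500 to 401, but a signing failure is a server-side fault (key material or claims), not a credential problem; reporting it as Unauthorized misleads the client into retrying with other credentials and hides the fault from monitoring that alerts on 5xx. Keep `w.WriteHeader(http.StatusInternalServerError)` on that branch. In the first hunk every error from `store.Users.Authenticate` now becomes 401 as well, which is right for a bad password but, if the store can also return connectivity or query errors, those should map to 500; if it exposes a distinct error value for bad credentials, branch on it with errors.Is and fall through to 500 otherwise. Both hunks sit inside serveAuthenticateUser, whose body continues between and after them.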
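Review bot: The new Token field on UserSession has no doc comment, and since this struct is now both the authenticate response and the value the test client holds, a reader cannot tell from the model what the field carries or where it is expected to be empty. Suggested comment above the field: `// Token is the signed JWT issued by the authenticate endpoint and presented back as a Bearer credential; it is set only on that response and must not be written to logs or persisted with the session.` The persistence claim should be confirmed against the store, as this diff does not show how UserSession is stored.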