diff --git a/nomad/api/app.py b/nomad/api/app.py
index 0a16c3e0de999421e599edcb6a32445ffc9a49f8..19e85cf5946d722d950c56fbf83402f47460ab91 100644
--- a/nomad/api/app.py
+++ b/nomad/api/app.py
@@ -41,13 +41,18 @@ CORS(app)
 authorizations = {
     'HTTP Basic': {
         'type': 'basic'
+    },
+    'X-Token': {
+        'type': 'apiKey',
+        'in': 'header',
+        'name': 'X-Token'
     }
 }
 
 api = Api(
     app, version='1.0', title='nomad@FAIRDI API', authorizations=authorizations,
     description='Official API for nomad@FAIRDI services.')
-""" Provides the flask restful api instance """
+""" Provides the flask restplust api instance """
 
 
 @app.errorhandler(HTTPException)
diff --git a/tests/test_api.py b/tests/test_api.py
index 3f749304e052e02dd48858866a9e204c10e4778b..d8fddc427d42befc2ef06f317d9205e54f1e948b 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -65,7 +65,7 @@ def test_other_user_auth(other_test_user):
 class TestAuth:
     def test_xtoken_auth(self, client, test_user, no_warn):
         rv = client.get('/uploads/', headers={
-            'X-Token': test_user.email
+            'X-Token': test_user.email  # the test users have their email as tokens for convinience
         })
 
         assert rv.status_code == 200