diff --git a/public_html/js/Api.js b/public_html/js/Api.js
index 5635cef7..e1f42257 100644
--- a/public_html/js/Api.js
+++ b/public_html/js/Api.js
@@ -1,6 +1,6 @@
 var App = App || {};
 
-App.API = function(promise) {
+App.API = function(promise, appState) {
 
 	var baseUrl = '/api/';
 
@@ -26,6 +26,9 @@ App.API = function(promise) {
 
 		return promise.make(function(resolve, reject) {
 			$.ajax({
+				headers: {
+					'X-Authorization-Token': appState.get('loginToken') || '',
+				},
 				success: function(data, textStatus, xhr) {
 					resolve({
 						status: xhr.status,
diff --git a/src/Dispatcher.php b/src/Dispatcher.php
index 08af74f2..06d019fa 100644
--- a/src/Dispatcher.php
+++ b/src/Dispatcher.php
@@ -4,10 +4,12 @@ namespace Szurubooru;
 final class Dispatcher
 {
 	private $router;
+	private $authService;
 
 	public function __construct(
 		\Szurubooru\Router $router,
 		\Szurubooru\Helpers\HttpHelper $httpHelper,
+		\Szurubooru\Services\AuthService $authService,
 		\Szurubooru\ControllerRepository $controllerRepository)
 	{
 		$this->router = $router;
@@ -15,6 +17,7 @@ final class Dispatcher
 
 		//if script fails prematurely, mark it as fail from advance
 		$this->httpHelper->setResponseCode(500);
+		$this->authService = $authService;
 
 		foreach ($controllerRepository->getControllers() as $controller)
 			$controller->registerRoutes($router);
@@ -26,6 +29,7 @@ final class Dispatcher
 		try
 		{
 			$code = 200;
+			$this->authorizeFromRequestHeader();
 			$json = (array) $this->router->handle(
 				$this->httpHelper->getRequestMethod(),
 				$this->httpHelper->getRequestUri());
@@ -47,4 +51,11 @@ final class Dispatcher
 
 		return $json;
 	}
+
+	private function authorizeFromRequestHeader()
+	{
+		$loginToken = $this->httpHelper->getRequestHeader('X-Authorization-Token');
+		if ($loginToken)
+			$this->authService->loginFromToken($loginToken);
+	}
 }
diff --git a/src/Helpers/HttpHelper.php b/src/Helpers/HttpHelper.php
index 517fb17c..d89338c3 100644
--- a/src/Helpers/HttpHelper.php
+++ b/src/Helpers/HttpHelper.php
@@ -23,6 +23,17 @@ class HttpHelper
 		$this->output(json_encode((array) $data));
 	}
 
+	public function getRequestHeaders()
+	{
+		return getallheaders();
+	}
+
+	public function getRequestHeader($key)
+	{
+		$headers = $this->getRequestHeaders();
+		return isset($headers[$key]) ? $headers[$key] : null;
+	}
+
 	public function getRequestMethod()
 	{
 		return $_SERVER['REQUEST_METHOD'];
diff --git a/src/Services/AuthService.php b/src/Services/AuthService.php
index 6ee03495..a0b50f67 100644
--- a/src/Services/AuthService.php
+++ b/src/Services/AuthService.php
@@ -1,7 +1,7 @@
 <?php
 namespace Szurubooru\Services;
 
-final class AuthService
+class AuthService
 {
 	private $loggedInUser = null;
 	private $loginToken = null;
diff --git a/tests/DispatcherTest.php b/tests/DispatcherTest.php
index 26405c6b..cbeffd43 100644
--- a/tests/DispatcherTest.php
+++ b/tests/DispatcherTest.php
@@ -3,23 +3,31 @@ namespace Szurubooru\Tests;
 
 final class DispatcherTest extends \Szurubooru\Tests\AbstractTestCase
 {
+	private $routerMock;
+	private $httpHelperMock;
+	private $authServiceMock;
+	private $controllerRepositoryMock;
+
+	public function setUp()
+	{
+		$this->routerMock = $this->mock(\Szurubooru\Router::class);
+		$this->httpHelperMock = $this->mock(\Szurubooru\Helpers\HttpHelper::class);
+		$this->authServiceMock = $this->mock(\Szurubooru\Services\AuthService::class);
+		$this->controllerRepositoryMock = $this->mock(\Szurubooru\ControllerRepository::class);
+	}
+
 	public function testDispatchingArrays()
 	{
 		$expected = ['test' => 'toy'];
 
-		$httpHelperMock = $this->getHttpHelperMock();
-		$httpHelperMock
+		$this->httpHelperMock
 			->expects($this->exactly(2))
 			->method('setResponseCode')
 			->withConsecutive([$this->equalTo(500)], [$this->equalTo(200)]);
+		$this->routerMock->expects($this->once())->method('handle')->willReturn($expected);
+		$this->controllerRepositoryMock->method('getControllers')->willReturn([]);
 
-		$routerMock = $this->getRouterMock();
-		$routerMock->expects($this->once())->method('handle')->willReturn($expected);
-
-		$controllerRepositoryMock = $this->getControllerRepositoryMock();
-		$controllerRepositoryMock->method('getControllers')->willReturn([]);
-
-		$dispatcher = new \Szurubooru\Dispatcher($routerMock, $httpHelperMock, $controllerRepositoryMock);
+		$dispatcher = $this->getDispatcher();
 		$actual = $dispatcher->run();
 
 		unset($actual['__time']);
@@ -32,33 +40,22 @@ final class DispatcherTest extends \Szurubooru\Tests\AbstractTestCase
 		$classData->bunny = 5;
 		$expected = ['bunny' => 5];
 
-		$httpHelperMock = $this->getHttpHelperMock();
+		$this->routerMock->expects($this->once())->method('handle')->willReturn($classData);
+		$this->controllerRepositoryMock->method('getControllers')->willReturn([]);
 
-		$routerMock = $this->getRouterMock();
-		$routerMock->expects($this->once())->method('handle')->willReturn($classData);
-
-		$controllerRepositoryMock = $this->getControllerRepositoryMock();
-		$controllerRepositoryMock->method('getControllers')->willReturn([]);
-
-		$dispatcher = new \Szurubooru\Dispatcher($routerMock, $httpHelperMock, $controllerRepositoryMock);
+		$dispatcher = $this->getDispatcher();
 		$actual = $dispatcher->run();
 
 		unset($actual['__time']);
 		$this->assertEquals($expected, $actual);
 	}
 
-	private function getHttpHelperMock()
+	private function getDispatcher()
 	{
-		return $this->getMockBuilder(\Szurubooru\Helpers\HttpHelper::class)->disableOriginalConstructor()->getMock();
-	}
-
-	private function getRouterMock()
-	{
-		return $this->getMockBuilder(\Szurubooru\Router::class)->disableOriginalConstructor()->getMock();
-	}
-
-	private function getControllerRepositoryMock()
-	{
-		return $this->getMockBuilder(\Szurubooru\ControllerRepository::class)->disableOriginalConstructor()->getMock();
+		return new \Szurubooru\Dispatcher(
+			$this->routerMock,
+			$this->httpHelperMock,
+			$this->authServiceMock,
+			$this->controllerRepositoryMock);
 	}
 }