diff --git a/web.py b/web.py
index ce49072..ad0c198 100644
--- a/web.py
+++ b/web.py
@@ -11,9 +11,9 @@ logger.propagate = False
 
 
 def check_secret(req: falcon.request.Request, resp: falcon.response.Response, resource, params) -> None:
-    cookies_secret = req.get_cookie_values('key')
+    cookies_secret = req.headers.get('AUTH')
 
-    if cookies_secret is None or cookies_secret[0] != config.access_key:
+    if cookies_secret != config.access_key:
         raise falcon.HTTPForbidden