diff --git a/README.md b/README.md
index e5664c02ad965e2825671dfc3e4f3dc4ceb9826d..b24ffabb655089f92c7ac210511edb8ca04531c1 100644
--- a/README.md
+++ b/README.md
@@ -108,6 +108,10 @@ Before using social API it is necessary to register an application on each socia
 
 Copy the `config-example.php` into `config.php` and edit it for matching your needs.
 
+### Generate keypair
+
+    php exec/generate-keypair.php
+
 ### Logs directory
 
 Create the logs directory and assign ownership to the Apache user (usually www-data or apache)
diff --git a/include/front-controller.php b/include/front-controller.php
index e10616f6c638c85828ad6f8c2988f78be90f9860..5d8f3ced118e55c3234d81938b4aee2c971039c1 100644
--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -127,10 +127,21 @@ Flight::route('POST /auth/oauth2/check_token', function() {
 
     global $locator;
 
-    $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
+    $headers = apache_request_headers();
+
+    if (!isset($headers['Authorization'])) {
+        throw new BadRequestException("Missing Authorization header");
+    }
+
+    $authorizationHeader = explode(" ", $headers['Authorization']);
+    if ($authorizationHeader[0] === "Bearer") {
+        $token = $authorizationHeader[1];
+    } else {
+        throw new BadRequestException("Invalid token type");
+    }
 
     if ($token === null) {
-        throw new BadRequestException("Access token id is required");
+        throw new BadRequestException("Access token is required");
     }
 
     $requestHandler = new \RAP\OAuth2RequestHandler($locator);