diff --git a/paperless-backend/src/auth/api-key.guard.ts b/paperless-backend/src/auth/api-key.guard.ts
index 8ce3a24..8bdef25 100644
--- a/paperless-backend/src/auth/api-key.guard.ts
+++ b/paperless-backend/src/auth/api-key.guard.ts
@@ -10,12 +10,20 @@ export class ApiKeyGuard implements CanActivate {
 // Check header (X-API-Key)
 let apiKey = request.headers['x-api-key'] || request.headers['X-API-Key'];
-
+
 // Fallback to query parameter (apiKey)
 if (!apiKey) {
 apiKey = request.query['apiKey'];
 }
+ // Fallback to Authorization: Bearer (used by SSE clients that can't set X-API-Key)
+ if (!apiKey) {
+ const auth: string | undefined = request.headers['authorization'];
+ if (auth?.startsWith('Bearer ')) {
+ apiKey = auth.slice(7);
+ }
+ }
+
 if (!apiKey) {
 throw new UnauthorizedException('API Key missing');
 }
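Review bot: The new Authorization fallback matches the scheme with a case-sensitive `auth?.startsWith('Bearer ')` and takes `auth.slice(7)` untrimmed, so `bearer <key>` is not recognised and a second space after the scheme carries a leading blank into the key, even though HTTP auth schemes are case-insensitive. Parsing the header once would be tighter: `const m = /^Bearer +(\S+)$/i.exec(auth ?? '');` followed by `if (m) apiKey = m[1];`. The branch also sits after the query-string fallback, so a key in `?apiKey=` still takes precedence over the header; query strings tend to end up in access logs and Referer headers, so I would check both headers before the query parameter. The method continues outside the hunk, so how `apiKey` is compared against the configured key (ideally in constant time) cannot be judged from here.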