diff --git a/src/aioappsrv/app.py b/src/aioappsrv/app.py
index 07c1975..f994ac9 100644
--- a/src/aioappsrv/app.py
+++ b/src/aioappsrv/app.py
@@ -50,7 +50,11 @@ class AppService:
 
 	async def _handler(self, request: web.Request) -> web.Response:
 		self.logger.debug("handling webhook callback %s", request)
-		hs_token = request.query.getone("access_token")
+		hs_token = request.headers.get("Authorization")
+		if not hs_token:
+			hs_token = request.query.get("access_token") # older method
+		else:
+			hs_token = hs_token.replace("Bearer ", "")
 		if not hs_token:
 			return web.Response(status=401)
 		if hs_token != self.hs_token: