diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index f9f049984e..2c34e04de5 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -84,7 +84,8 @@ namespace Bit.Api
 options.RequireHttpsMetadata = !Environment.IsDevelopment() && globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
 options.NameClaimType = ClaimTypes.Email;
- options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer", "access_token");
+ options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
+ new string[] { "Bearer", "Bearer3" });
 options.SupportedTokens = SupportedTokens.Jwt;
 });
diff --git a/src/Api/Utilities/TokenRetrieval.cs b/src/Api/Utilities/TokenRetrieval.cs
index fa5e78461c..fbfeec829d 100644
--- a/src/Api/Utilities/TokenRetrieval.cs
+++ b/src/Api/Utilities/TokenRetrieval.cs
@@ -6,8 +6,7 @@ namespace Bit.Api.Utilities
 {
 public static class TokenRetrieval
 {
- public static Func FromAuthorizationHeaderOrQueryString(string headerScheme = "Bearer",
- string qsName = "access_token")
+ public static Func FromAuthorizationHeaderOrQueryString(string[] authHeaderSchemes)
 {
 return (request) =>
 {
@@ -18,9 +17,9 @@ namespace Bit.Api.Utilities
 // Bearer token could exist in the 'Content-Language' header on clients that want to avoid pre-flights.
 var languageAuth = request.Headers["Content-Language"].FirstOrDefault();
 if(string.IsNullOrWhiteSpace(languageAuth) ||
- !languageAuth.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
+ !languageAuth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
 {
- return request.Query[qsName].FirstOrDefault();
+ return request.Query["access_token"].FirstOrDefault();
 }
 else
 {
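Review bot: The new `authHeaderSchemes` parameter in `FromAuthorizationHeaderOrQueryString` is never validated, so a null array would surface as a NullReferenceException inside the returned delegate on the first request rather than failing at startup, and an empty array silently disables Authorization-header token retrieval; add `if(authHeaderSchemes == null || authHeaderSchemes.Length == 0) { throw new ArgumentException("At least one authorization scheme is required.", nameof(authHeaderSchemes)); }` before `return (request) =>`. The signature also lost its self-describing defaults and carries no XML doc; a `<summary>` stating that the returned delegate resolves the token from the Authorization header (any listed scheme), the Content-Language header fallback, or the `access_token` query parameter would help callers in Startup.cs understand what the scheme list governs. The method body continues past the end of this hunk.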
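Review bot: The Content-Language fallback now compares against the hard-coded `"Bearer "` while the Authorization-header path in the next hunk iterates `authHeaderSchemes`, so a token carried in Content-Language under any other configured scheme (Startup.cs now passes "Bearer3") is not recognized and the code falls through to the query string. If that asymmetry is intended, extend the existing comment to say the Content-Language path supports only the Bearer scheme; otherwise check against the same list, e.g. `!authHeaderSchemes.Any(s => languageAuth.StartsWith($"{s} ", StringComparison.OrdinalIgnoreCase)))`, which needs no new using since LINQ (`FirstOrDefault`) is already used on the line above. The enclosing lambda starts before and ends after this hunk.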
@@ -28,9 +27,12 @@ namespace Bit.Api.Utilities
 }
 }
- if(authorization.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
+ foreach(var headerScheme in authHeaderSchemes)
 {
- return authorization.Substring(headerScheme.Length + 1).Trim();
+ if(authorization.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
+ {
+ return authorization.Substring(headerScheme.Length + 1).Trim();
+ }
 }
 return null;