metabrainz · fettuccinae · Aug 11, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 14, 2025
diff --git a/metabrainz/decorators.py b/metabrainz/decorators.py
@@ -80,7 +80,7 @@ def wrapped_function(*args, **kwargs):
 def ccg_token_required(f):
     """
     This decorator protects an endpoint by validating an access token.
-    Token should be provided as a query parameter.
+    Token should be provided in the Authorization header.
     Token must be generated by an official MeB project and must contain 'notification' scope.
 
     Raises:
@@ -90,10 +90,14 @@ def ccg_token_required(f):
 
     """
     @wraps(f)
-    def decorated(*args,**kwargs):
-        token = request.args.get('token')
+    def decorated(*args, **kwargs):
+        auth_header = request.headers.get("Authorization")
+        if not auth_header or not auth_header.startswith("Bearer "):
+            raise APIBadRequest("Missing or invalid Authorization header")
+        token = auth_header.split(" ", 1)[1]
         if not token:
-            raise APIBadRequest('Missing access token.')
+            raise APIBadRequest("Missing access token.")
+
         data = {
             "client_id": current_app.config["MUSICBRAINZ_CLIENT_ID"],
             "client_secret": current_app.config["MUSICBRAINZ_CLIENT_SECRET"],