diff --git a/lib/thinx/apikey.js b/lib/thinx/apikey.js
index f16b5a5d9..f4b171605 100644
--- a/lib/thinx/apikey.js
+++ b/lib/thinx/apikey.js
@@ -4,6 +4,7 @@
 var Globals = require("./globals.js");
 var AuditLog = require("./audit");
 var sha256 = require("sha256");
+const crypto = require('crypto');
 
 const InfluxConnector = require('./influx');
 module.exports = class APIKey {
@@ -77,7 +78,7 @@ module.exports = class APIKey {
 			let api_keys = JSON.parse(json_keys) || [];
 
 			for (let key in json_keys) {
-				if (key.key == new_api_key) {
+				if (key.key && crypto.timingSafeEqual(Buffer.from(key.key), Buffer.from(new_api_key))) {
 					return callback(false, "key_already_exists");
 				}
 				if (key.alias == apikey_alias) {