diff --git a/app/assets/stylesheets/users.css.scss b/app/assets/stylesheets/users.css.scss
index ca2d83d..34acd16 100644
--- a/app/assets/stylesheets/users.css.scss
+++ b/app/assets/stylesheets/users.css.scss
@@ -49,3 +49,7 @@ table.pure-table-striped {
 #s2id_transaction_creditor {
 min-width: 150px;
 }
+
+.reset_key {
+ display: inline;
+}
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 19d333d..ddae356 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,7 @@ class ApplicationController < ActionController::Base
 end
 def authenticate_user_or_client!
- current_user || current_client || redirect_to(root_path, flash: { notice: "You have been redirected." })
+ current_user || current_client || user_token || redirect_to(root_path, flash: { notice: "You have been redirected." })
 end
 def current_client
@@ -23,7 +23,13 @@ class ApplicationController < ActionController::Base
 def current_ability
 @current_ability ||= current_client.try { |c| ClientAbility.new(c) } ||
- UserAbility.new(current_user)
+ UserAbility.new(current_user || user_token)
+ end
+
+ def user_token
+ @user_token ||= authenticate_with_http_token do |token, options|
+ User.find_by key: token
+ end
 end
 def after_sign_in_path_for(resource)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2d771b4..f2376a4 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
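Review bot: The fallback added to `authenticate_user_or_client!` still answers a failed token authentication with a 302 to `root_path` and an HTML flash, which is the wrong response for the API callers this commit targets (the curl example elsewhere in the commit asks for JSON). A caller sending a missing, wrong or revoked `Authorization: Token` header is redirected to the front page instead of receiving a 401 it can act on. Consider `return if current_user || current_client || user_token`, then `return request_http_token_authentication unless request.format.html?`, and keep the existing `redirect_to` for browser requests.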
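Review bot: `user_token` looks the user up by the raw key, so the credential lives in plaintext in `users.key` (the column added by the migration in this commit) and anyone with read access to that table or a backup holds a working login for every backfilled user. Storing only a digest — a new column holding `Digest::SHA256.hexdigest(token)` and a `find_by` on that column — means a leaked table no longer yields usable keys; the raw key would then have to be shown to the user once, at generation time. Separately, the block parameter `options` is unused and should be `_options`, and `@user_token ||=` re-runs the header parse and lookup on every call when no token is present, which is harmless but deserves a short comment. `ApplicationController` continues outside the hunk.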
@@ -1,10 +1,10 @@
 class UsersController < ApplicationController
- skip_before_action :verify_authenticity_token, only: :create, find_by: :name
+ skip_before_action :verify_authenticity_token, only: :create
 before_action :authenticate_user!, except: :show
 before_action :authenticate_user_or_client!, only: :show
- load_and_authorize_resource except: :show
+ load_and_authorize_resource except: :show, find_by: :name
 def show
 @user = User.find_by(name: params[:id]) || User.new
@@ -18,4 +18,9 @@ class UsersController < ApplicationController
 def index
 @users = User.all
 end
+
+ def reset_key
+ @user.generate_key!
+ redirect_to @user
+ end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index a60aceb..e4c4266 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -50,4 +50,17 @@ class User < ActiveRecord::Base
 @@zeus ||= find_or_create_by name: 'Zeus'
 end
+ def generate_key
+ set_key unless self.key
+ end
+
+ def generate_key!
+ set_key
+ self.save
+ end
+
+ private
+ def set_key
+ self.key = SecureRandom.base64(16)
+ end
 end
diff --git a/app/models/user_ability.rb b/app/models/user_ability.rb
index 1574f44..d22c540 100644
--- a/app/models/user_ability.rb
+++ b/app/models/user_ability.rb
@@ -5,7 +5,7 @@ class UserAbility
 return unless user
 can :manage, :all if user.penning?
- can :read, user, id: user.id
+ can :manage, user, id: user.id
 can :manage, Request, creditor_id: user.id
 can :manage, Notification, user_id: user.id
 can :create, Transaction do |t|
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index 5260746..8ac9252 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
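Review bot: `reset_key` redirects whether or not the new key was persisted: `generate_key!` as added in this commit returns the result of `self.save`, so a validation failure leaves the old key in place while the user lands on the profile page with no message either way. Check the return value and report through the flash, as below. Note also that `load_and_authorize_resource` authorizes this action as `:reset_key`, which is only satisfied by the `:manage` grant in `UserAbility`; if that grant is ever narrowed, this action must be named there. `UsersController` starts outside this hunk.
```ruby
def reset_key
  if @user.generate_key!
    redirect_to @user, notice: "API key reset."
  else
    redirect_to @user, alert: "Could not reset the API key."
  end
end
```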
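Review bot: `generate_key!` does not honour the bang convention it advertises: `self.save` returns false on a failed validation and the method hands that back instead of raising, so the caller added in this commit (`UsersController#reset_key`) cannot tell the key was not rotated unless it checks the result. Use `save!` so failures surface: `def generate_key!`, `set_key`, `save!`. `SecureRandom.base64(16)` yields 128 bits, which is adequate; `SecureRandom.urlsafe_base64(16)` gives the same entropy without `+`, `/` and `=`, which is friendlier if the key is ever pasted into a URL or shell command. Style: put a blank line after `private` and drop the redundant `self.` on the read in `generate_key` (the writer in `set_key` needs it). `User` starts outside the hunk.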
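Review bot: Widening the self-grant from `:read` to `:manage` gives every user every action on their own record, not just the new `reset_key`; if `resources :users` exposes `update` or `destroy` (the routes block is outside this commit's hunks) those become reachable for non-penning users as a side effect. Least privilege is to name the action that motivated the change: `can [:read, :reset_key], user, id: user.id`. The enclosing method starts outside the hunk.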
@@ -65,3 +65,8 @@
 %th Message
 %tbody
 %h3="Zeus account number: BE32 9799 9370 6502"
+="API key: #{@user.key}"
+= button_to "reset", reset_key_user_path(@user), {form_class: 'reset_key', class: 'btn btn-small'}
+%br
+Example:
+%code="curl -H \"Accept: application/json\" -H \"Authorization: Token token=#{@user.key}\" #{user_url(@user)}"
diff --git a/config/routes.rb b/config/routes.rb
index bf1b9d5..bfa1946 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -22,6 +22,7 @@ Rails.application.routes.draw do
 resources :notifications, only: [:index], shallow: true do
 post :read
 end
+ post :reset_key, on: :member
 end
 get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions"
diff --git a/db/migrate/20180620161021_add_token_to_user.rb b/db/migrate/20180620161021_add_token_to_user.rb
new file mode 100644
index 0000000..85c57b8
--- /dev/null
+++ b/db/migrate/20180620161021_add_token_to_user.rb
@@ -0,0 +1,10 @@
+class AddTokenToUser < ActiveRecord::Migration[5.2]
+ def change
+ add_column :users, :key, :string
+
+ User.all.each do |user|
+ user.generate_key
+ user.save
+ end
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 0afdaf2..b00571f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2017_01_23_151219) do
+ActiveRecord::Schema.define(version: 2018_06_20_161021) do
 create_table "clients", force: :cascade do |t|
 t.string "name", null: false
@@ -86,6 +86,7 @@ ActiveRecord::Schema.define(version: 2017_01_23_151219) do
 t.boolean "penning", default: false, null: false
 t.datetime "created_at", null: false
 t.datetime "updated_at", null: false
+ t.string "key"
 t.index ["balance"], name: "index_users_on_balance"
 t.index ["name"], name: "index_users_on_name"
 end
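Review bot: The API key is now rendered on a page whose only access control is `authenticate_user_or_client!`: `show` is excluded from `load_and_authorize_resource` in `UsersController`, so any signed-in user, client or token holder who opens another user's profile is shown that user's key (and the curl line that embeds it) unless the enclosing block of this template already restricts the section — indentation is lost in this view of the diff. Gate the five added lines on the viewer's right to the action, e.g. `- if can?(:reset_key, @user)` with the key, button and example nested beneath it, so the only key ever disclosed is the viewer's own. The template body continues outside the hunk.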
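Review bot: The backfill in `change` uses the `User` model immediately after `add_column` in the same migration; if the class was loaded earlier in the process its column cache does not know about `key`, so call `User.reset_column_information` before the loop, as the Rails migrations guide recommends when models are used inside migrations. `User.all.each` also loads every row into memory where `User.find_each` batches, and `user.save` silently skips any user that fails validation, leaving that account without a key. The lookup `User.find_by key: token` in `ApplicationController` has neither an index nor a uniqueness guarantee on `users.key` (the schema hunk adds a bare string column); add `add_index :users, :key, unique: true` after the backfill so lookups are indexed and one key can never map to two accounts.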