diff --git a/core/server/middleware/auth.js b/core/server/middleware/auth.js
index 1878f3d669..43837f1762 100644
--- a/core/server/middleware/auth.js
+++ b/core/server/middleware/auth.js
@@ -19,6 +19,8 @@ function isBearerAutorizationHeader(req) {
 if (req.headers && req.headers.authorization) {
 parts = req.headers.authorization.split(' ');
+ } else if (req.query && req.query.access_token) {
+ return true;
 } else {
 return false;
 }
diff --git a/core/test/functional/routes/api/db_spec.js b/core/test/functional/routes/api/db_spec.js
index bdac308cbd..ae20e1e27f 100644
--- a/core/test/functional/routes/api/db_spec.js
+++ b/core/test/functional/routes/api/db_spec.js
@@ -47,4 +47,20 @@ describe('DB API', function () {
 done();
 });
 });
+
+ it('should work with access token set as query parameter', function (done) {
+ request.get(testUtils.API.getApiQuery('db/?access_token=' + accesstoken))
+ .expect('Content-Type', /json/)
+ .expect(200)
+ .end(function (err, res) {
+ if (err) {
+ return done(err);
+ }
+
+ var jsonResponse = res.body;
+ should.exist(jsonResponse.db);
+ jsonResponse.db.should.have.length(1);
+ done();
+ });
+ });
 });
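Review bot: Accepting the bearer token from `req.query.access_token` puts a credential in the URL, where it can be retained in access and proxy logs, browser history and Referer headers; RFC 6750 §2.3 says this transport should not be used unless the Authorization header or request body cannot carry the token. The new `else if` branch returns `true` on mere presence of the parameter, so the actual token check presumably happens later in the authentication chain, outside this hunk. I would add a comment on the branch such as `// access_token in the query string (RFC 6750 §2.3): presence check only; URLs get logged and cached, prefer the Authorization header`, and confirm that request logging redacts this parameter. The name `isBearerAutorizationHeader` no longer describes what the function tests, and its body starts and ends outside the hunk.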
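Review bot: The added test in db_spec.js covers only a valid token, while the middleware branch it exercises returns `true` for any non-empty `access_token`. A companion case that sends a bogus token in the query string and asserts the request is rejected would show that presence of the parameter alone does not authenticate. The status code in the sketch below is an assumption and should be checked against how the API answers a bad token in the Authorization header. The enclosing `describe('DB API', ...)` block starts outside the hunk.

```javascript
it('should reject an invalid access token set as query parameter', function (done) {
    request.get(testUtils.API.getApiQuery('db/?access_token=invalid-token'))
        .expect(401) // assumed rejection status; confirm against the header-based case
        .end(function (err) {
            if (err) {
                return done(err);
            }

            done();
        });
});
```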