diff --git a/create.go b/create.go
index 9e67d6dbd96046981724dcac8c7503c2630b419c..ba523a714c984727a40319ff94d1ba59f906d836 100644
--- a/create.go
+++ b/create.go
@@ -15,8 +15,9 @@ func (m *model) create(writer http.ResponseWriter, request *http.Request) {
 token := request.Header.Get("Authorization")
 token = strings.TrimPrefix(token, "Bearer ")
+ cookie, err := request.Cookie("access_token")
- if token != m.AccessToken {
+ if token != m.AccessToken && cookie.Value != m.AccessToken {
 http.Error(writer, "401 Unauthorized: You do not have permission to create shortlinks", 403)
 return
 }
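Review bot: The error from `request.Cookie("access_token")` is never checked, so in the new condition `cookie` is nil whenever the cookie is absent, and `cookie.Value` panics for any request whose bearer token does not match instead of returning the error response. Guard the dereference, e.g. `if token != m.AccessToken && (err != nil || cookie.Value != m.AccessToken) {`. Accepting the token from a cookie also means browsers attach it automatically, so this state-changing handler probably needs a CSRF defence (a SameSite attribute on the cookie or an Origin check); none is visible in this hunk. Both comparisons use `!=` on a secret, and `subtle.ConstantTimeCompare` from `crypto/subtle` would avoid leaking match length through timing. The body of `create` continues past the end of the hunk, so later uses of `err` are not visible here.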