diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst
index 0add181f1c0..0feefca9a4b 100644
--- a/cookbook/security/api_key_authentication.rst
+++ b/cookbook/security/api_key_authentication.rst
@@ -45,13 +45,19 @@ value and then a User object is created::
 
         public function createToken(Request $request, $providerKey)
         {
-            if (!$request->query->has('apikey')) {
+            // look for an apikey query parameter
+            $apiKey = $request->query->get('apikey');
+
+            // or if you want to use an "apikey" header, then do something like this:
+            // $apiKey = $request->headers->get('apikey');
+
+            if (!$apiKey) {
                 throw new BadCredentialsException('No API key found');
             }
 
             return new PreAuthenticatedToken(
                 'anon.',
-                $request->query->get('apikey'),
+                $apiKey,
                 $providerKey
             );
         }