diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index beeb88e0d2a..ec83a98dd49 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -186,6 +186,10 @@ This requires you to implement six methods::
         {
             $apiKey = $credentials['token'];
 
+            if (null === $apiKey) {
+                return;
+            }
+
             // if null, authentication will fail
             // if a User object, checkCredentials() is called
             return $userProvider->loadUserByUsername($apiKey);