diff --git a/auth_api_key/models/ir_http.py b/auth_api_key/models/ir_http.py
index c4959103d0..71481fab2a 100644
--- a/auth_api_key/models/ir_http.py
+++ b/auth_api_key/models/ir_http.py
@@ -18,8 +18,8 @@ class IrHttp(models.AbstractModel):
 
     @classmethod
     def _auth_method_api_key(cls):
-        headers = request.httprequest.environ
-        api_key = headers.get("HTTP_API_KEY")
+        headers = request.httprequest.headers
+        api_key = headers.get("API_KEY")
         if api_key:
             request.update_env(user=1)
             auth_api_key = request.env["auth.api.key"]._retrieve_api_key(api_key)
diff --git a/auth_api_key/tests/test_auth_api_key.py b/auth_api_key/tests/test_auth_api_key.py
index 7908c42eb7..35224153b1 100644
--- a/auth_api_key/tests/test_auth_api_key.py
+++ b/auth_api_key/tests/test_auth_api_key.py
@@ -1,8 +1,13 @@
 # Copyright 2018 ACSONE SA/NV
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from werkzeug.datastructures import EnvironHeaders
+
 from odoo.exceptions import AccessError, ValidationError
 from odoo.tests.common import TransactionCase
 
+from odoo.addons.website.tools import MockRequest
+
 
 class TestAuthApiKey(TransactionCase):
     @classmethod
@@ -68,3 +73,12 @@ def test_user_archived_unarchived_with_option_off(self):
         self.assertEqual(
             self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
         )
+
+    def test_api_key_headers(self):
+        """The API key in the headers is read."""
+        with MockRequest(self.env) as mocked_request:
+            mocked_request.httprequest.environ["HTTP_API_KEY"] = self.api_key_good.key
+            mocked_request.httprequest.headers = EnvironHeaders(
+                mocked_request.httprequest.environ
+            )
+            self.assertTrue(self.env["ir.http"]._auth_method_api_key())