diff --git a/auth/builtin.go b/auth/builtin.go
index 3a444c9d..f1f363f1 100644
--- a/auth/builtin.go
+++ b/auth/builtin.go
@@ -62,15 +62,28 @@ func (r *NoAuth) Refresh(refresh string) (token Token, err error) {
 type Builtin struct {
 }
 
+// Parse Token out of a string
+func parseToken(requestToken string) (token string, err error) {
+	splitToken := strings.Fields(requestToken)
+	if len(splitToken) != 2 || strings.ToLower(splitToken[0]) != "bearer" {
+		err = liberr.Wrap(&NotValid{Token: requestToken})
+		return
+	}
+	token = splitToken[1]
+	return
+}
+
 // Authenticate the token
 func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error) {
-	token := strings.Replace(request.Token, "Bearer", "", 1)
-	token = strings.Fields(token)[0]
 	defer func() {
 		if err != nil {
 			Log.Info(err.Error())
 		}
 	}()
+	token, err := parseToken(request.Token)
+	if err != nil {
+		return
+	}
 	jwToken, err = jwt.Parse(
 		token,
 		func(jwToken *jwt.Token) (secret interface{}, err error) {
diff --git a/auth/builtin_test.go b/auth/builtin_test.go
new file mode 100644
index 00000000..42ea1e5c
--- /dev/null
+++ b/auth/builtin_test.go
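Review bot: The error built at `err = liberr.Wrap(&NotValid{Token: requestToken})` carries the full Authorization header value, and Authenticate's deferred `Log.Info(err.Error())` then writes whatever NotValid's Error() renders; if that rendering includes the Token field, a real credential sent with a malformed scheme lands in plaintext logs. NotValid's Error() is outside this hunk, so this needs confirming; if it does include the token, record only that the scheme was missing or malformed, or redact the value before wrapping. The doc comment should also follow Go convention and start with the name, e.g. `// parseToken extracts the credential from an Authorization header value of the form "Bearer <token>" (scheme matched case-insensitively); any other shape yields NotValid.` The body of Authenticate continues past the end of the hunk.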
@@ -0,0 +1,66 @@
+package auth
+
+import "testing"
+
+func TestParseToken(t *testing.T) {
+	type args struct {
+		requestToken string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			name: "Valid Bearer token",
+			args: args{requestToken: "Bearer AAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"},
+			want: "AAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F",
+			wantErr: false,
+		},
+		{
+			name: "Empty Bearer token",
+			args: args{
+				requestToken: "Bearer ",
+			},
+			want:    "",
+			wantErr: true,
+		},
+		{
+			name: "Empty Bearer token no whitespace",
+			args: args{
+				requestToken: "Bearer",
+			},
+			want:    "",
+			wantErr: true,
+		},
+		{
+			name: "Empty request Token",
+			args: args{
+				requestToken: "",
+			},
+			want:    "",
+			wantErr: true,
+		},
+		{
+			name: "Misspelled Bearer",
+			args: args{
+				requestToken: "Bearr AAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F",
+			},
+			want:    "",
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := parseToken(tt.args.requestToken)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("parseToken() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("parseToken() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/binding/client.go b/binding/client.go
index 6e9ca635..93ce4a43 100644
--- a/binding/client.go
+++ b/binding/client.go
@@ -636,7 +636,7 @@ func (r *Client) send(rb func() (*http.Request, error)) (response *http.Response
 	if err != nil {
 		return
 	}
-	request.Header.Set(api.Authorization, r.token.Token)
+	request.Header.Set(api.Authorization, "Bearer "+r.token.Token)
 	client := http.Client{Transport: r.transport}
 	response, err = client.Do(request)
 	if err != nil {
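Review bot: The table covers the rejection paths but none of the acceptance behaviour the implementation deliberately allows — a lowercase or mixed-case scheme via `strings.ToLower`, and tab or multi-space separation via `strings.Fields` — nor the rejection of a value with a third field such as `"Bearer a b"`; a regression in any of those would pass this test. Rows like `{name: "Lowercase scheme", args: args{requestToken: "bearer tok"}, want: "tok"},` and `{name: "Extra field", args: args{requestToken: "Bearer a b"}, wantErr: true},` pin that behaviour down. As a matter of style, the two `t.Errorf` calls would read better with `%q` than `%v` for the string values so an empty result is visible in the failure output, and the long constructed token repeated in the first and last cases could be a short named constant.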
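Review bot: `"Bearer "+r.token.Token` is now sent unconditionally, so a client with no token configured emits `Authorization: Bearer ` (scheme with an empty credential) rather than an empty header; against the parseToken change in this same commit that value is rejected as NotValid, which may or may not be the intended outcome for calls that previously went out without a credential — the code that populates r.token is outside this hunk. If an absent token should mean no Authorization header at all, guard the call: `if r.token.Token != "" { request.Header.Set(api.Authorization, "Bearer "+r.token.Token) }`. It is also worth confirming that no caller already stores the scheme inside r.token.Token, since that would now yield a doubled prefix. send begins and ends outside the hunk.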