diff --git a/changedetectionio/api/auth.py b/changedetectionio/api/auth.py
index 1598b449..806a8ccd 100644
--- a/changedetectionio/api/auth.py
+++ b/changedetectionio/api/auth.py
@@ -10,6 +10,10 @@ def check_token(f):
 def decorated(*args, **kwargs):
 datastore = args[0].datastore
+ config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')
+ if not config_api_token_enabled:
+ return
+
 try:
 api_key_header = request.headers['x-api-key']
 except KeyError:
@@ -18,9 +22,8 @@ def check_token(f):
 )
 config_api_token = datastore.data['settings']['application'].get('api_access_token')
- config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')
- if config_api_token_enabled and api_key_header != config_api_token:
+ if api_key_header != config_api_token:
 return make_response(
 jsonify("Invalid access - API key invalid."), 403
 )
diff --git a/changedetectionio/tests/test_api.py b/changedetectionio/tests/test_api.py
index d126c53f..774dd634 100644
--- a/changedetectionio/tests/test_api.py
+++ b/changedetectionio/tests/test_api.py
@@ -198,8 +198,6 @@ def test_access_denied(client, live_server):
 follow_redirects=True
 )
-# with open('/tmp/f.html', 'wb') as f:
-# f.write(res.data)
 assert b"Settings updated." in res.data
 res = client.get(
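Review bot: In the first hunk of `changedetectionio/api/auth.py` the new early exit is a bare `return`, so when `api_access_token_enabled` is falsy `decorated` returns `None` and the wrapped handler never runs. If the intent is only to skip the key check, the line should be `return f(*args, **kwargs)`. The same branch also fails open: `.get('api_access_token_enabled')` yields `None` when the key is absent from the settings, so a missing or partly migrated config silently turns authentication off. An explicit default such as `.get('api_access_token_enabled', True)` would make the safe case the fallback. The body of `decorated` continues past this hunk, so the final call to `f` is not visible here.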
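Review bot: The check `if api_key_header != config_api_token:` in the second hunk of `changedetectionio/api/auth.py` compares the secret with an ordinary string comparison and does not reject an unset token. Now that the enabled flag is tested earlier, this line is the only gate, and an enabled API whose stored `api_access_token` is empty or `None` would accept a matching empty header value. I would write it as `if not config_api_token or not hmac.compare_digest(api_key_header.encode(), config_api_token.encode()):`, which needs `import hmac` at the top of the file. That also makes the comparison constant-time. The enclosing function starts and ends outside this hunk.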