diff --git a/src/utils/files.tsx b/src/utils/files.tsx
index 0e76d5d..7812134 100644
--- a/src/utils/files.tsx
+++ b/src/utils/files.tsx
@@ -48,14 +48,12 @@ export const makeFileUpload = async (files: FileList | Array<File>, options?: {
   }
 
   // Only add headers for authenticated users.
-  const headers: Record<string, string> = {};
   if (auth.profile) {
-    headers.authorization = auth.profile.api_token;
+    body.set("api_token", auth.profile.api_token);
   }
 
   const response = await fetch("/api/workspace/upload", {
     method: "PUT",
-    headers,
     body
   });
 
diff --git a/supabase/functions/upload-file/index.ts b/supabase/functions/upload-file/index.ts
index 6f2c4a4..1a837a3 100644
--- a/supabase/functions/upload-file/index.ts
+++ b/supabase/functions/upload-file/index.ts
@@ -24,13 +24,12 @@ const json = <T>(data: T, options?: { status: number }) => new Response(
  */
 serve(async (req: Request) => {
   if (req.method === "PUT") {
-    const api_token = req.headers.get("authorization");
-  
-    let user_profile: UserProfile | undefined;
-    if (api_token) (user_profile = await getUserProfile(api_token));
-  
     const formData = await req.formData();
     const formDataFiles = formData.getAll("files") as File[];
+    const formDataApiToken = formData.get("api_token") as string | undefined;
+    
+    let user_profile: UserProfile | undefined;
+    if (formDataApiToken) (user_profile = await getUserProfile(formDataApiToken));
   
     const workspaceId = (formData.get("workspace_id") as string | undefined) ?? user_profile?.root_workspace_id ?? undefined;