diff --git a/cookbook/templates/settings.html b/cookbook/templates/settings.html
index 9601cf4c5..f650a95c3 100644
--- a/cookbook/templates/settings.html
+++ b/cookbook/templates/settings.html
@@ -24,13 +24,15 @@
@@ -66,10 +68,41 @@
+
+
+
+ {% trans 'API Token' %}
+ {% trans 'You can use both basic authentication and token based authentication to access the REST API.' %}
+
+
+
+ {% trans 'Use the token as an Authorization header prefixed by the word token as shown in the following examples:' %}
+
+ Authorization: Token {{ api_token }} {% trans 'or' %}
+ curl -X GET http://your.domain.com/api/recipes/ -H 'Authorization: Token {{ api_token }}'
+
+
+
+
+
+
{% endblock %}
\ No newline at end of file
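Review bot: The curl example on the added line uses `http://your.domain.com`, which teaches users to send the token over an unencrypted connection where anyone on the path can read and replay it; the example should read `curl -X GET https://your.domain.com/api/recipes/ -H 'Authorization: Token {{ api_token }}'`. The intro text also advertises basic authentication, which puts the account password on every request, so a sentence recommending the token over basic auth would help. The token is rendered in full on every load of the settings page, and nothing in the visible markup offers a way to regenerate it, which is worth adding if this page is where users manage the token.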
diff --git a/cookbook/views/views.py b/cookbook/views/views.py
index 25a90d922..61804cc34 100644
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@@ -16,6 +16,7 @@ from django_tables2 import RequestConfig
from django.utils.translation import gettext as _
from django.conf import settings
+from rest_framework.authtoken.models import Token
from cookbook.filters import RecipeFilter
from cookbook.forms import *
@@ -246,7 +247,10 @@ def user_settings(request):
else:
preference_form = UserPreferenceForm()
- return render(request, 'settings.html', {'preference_form': preference_form, 'user_name_form': user_name_form, 'password_form': password_form})
+ if (api_token := Token.objects.filter(user=request.user).first()) is None:
+ api_token = Token.objects.create(user=request.user)
+
+ return render(request, 'settings.html', {'preference_form': preference_form, 'user_name_form': user_name_form, 'password_form': password_form, 'api_token': api_token})
@group_required('guest')
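Review bot: The lookup-then-create on the two added lines can race: two concurrent requests to the settings page from a user without a token can both see `None`, and the second `Token.objects.create` then fails on the one-token-per-user constraint. `api_token, created = Token.objects.get_or_create(user=request.user)` does the same in one call and handles that case (avoid `_` as the throwaway name, since this module imports gettext as `_`). Separately, this mints a non-expiring API credential for every user who merely opens the settings page; consider creating it only on an explicit user action, and add a comment that the `Token` object renders as its key in the template. `user_settings` starts above the hunk, so its request-method handling is not visible here.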
diff --git a/recipes/settings.py b/recipes/settings.py
index 70fc60271..1eef94c70 100644
--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -10,6 +10,9 @@ For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.0/ref/settings/
"""
import os
+import random
+import string
+
from django.contrib import messages
from dotenv import load_dotenv
from django.utils.translation import gettext_lazy as _
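Review bot: `import random` and `import string` are added, but nothing in the visible hunks of this file uses them; if they are left over, drop them. If they are intended for generating a fallback `SECRET_KEY`, `random` is not a cryptographic source and the standard-library `secrets` module is the right tool for key material.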
@@ -17,7 +20,7 @@ from django.utils.translation import gettext_lazy as _
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Get vars from .env files
-SECRET_KEY = os.getenv('SECRET_KEY') if os.getenv('SECRET_KEY') else '728f4t5438rz0748fa89esf9e'
+SECRET_KEY = os.getenv('SECRET_KEY') if os.getenv('SECRET_KEY') else 'INSECURE_STANDARD_KEY_SET_IN_ENV'
DEBUG = bool(int(os.getenv('DEBUG', True)))
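Review bot: The fallback on the changed `SECRET_KEY` line is still a fixed, publicly known string, so an instance started without `SECRET_KEY` in its environment signs sessions and password-reset links with a key anyone can read from the repository; the new name warns a reader of the source but not the operator. Failing at startup is safer: `SECRET_KEY = os.getenv('SECRET_KEY')` followed by `if not SECRET_KEY: raise ImproperlyConfigured('SECRET_KEY must be set in the environment')`, with `ImproperlyConfigured` imported from `django.core.exceptions`. If a zero-config development setup must keep working, allow the placeholder only when `DEBUG` is on, and note that the context line below turns `DEBUG` on when the variable is unset.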
@@ -61,6 +64,7 @@ INSTALLED_APPS = [
'crispy_forms',
'emoji_picker',
'rest_framework',
+ 'rest_framework.authtoken',
'django_cleanup.apps.CleanupConfig',
'cookbook.apps.CookbookConfig',
]
@@ -85,6 +89,14 @@ if REVERSE_PROXY_AUTH:
MIDDLEWARE.append('recipes.middleware.CustomRemoteUser')
AUTHENTICATION_BACKENDS.append('django.contrib.auth.backends.RemoteUserBackend')
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.TokenAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ )
+}
+
ROOT_URLCONF = 'recipes.urls'
TEMPLATES = [
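Review bot: Listing `BasicAuthentication` keeps password-based login enabled on every API endpoint, which leaves the API open to password guessing unless throttling is configured; no `DEFAULT_THROTTLE_CLASSES` or `DEFAULT_PERMISSION_CLASSES` appear in this dict. Without a permission default DRF falls back to `AllowAny`, so unless each view sets its own `permission_classes` (not visible here) these classes identify the user but do not require one. Consider dropping basic auth now that tokens exist, and adding `'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',)` together with a comment explaining why each authentication class is enabled.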