diff --git a/cookbook/static/js/bookmarklet.js b/cookbook/static/js/bookmarklet_v3.js
similarity index 96%
rename from cookbook/static/js/bookmarklet.js
rename to cookbook/static/js/bookmarklet_v3.js
index f109b2dfb..910f235aa 100644
--- a/cookbook/static/js/bookmarklet.js
+++ b/cookbook/static/js/bookmarklet_v3.js
@@ -28,7 +28,7 @@
 const xhr = new XMLHttpRequest();
 xhr.open('POST', url, true);
 xhr.setRequestHeader('Content-Type', 'application/json');
- xhr.setRequestHeader('Authorization', 'Token ' + token);
+ xhr.setRequestHeader('Authorization', 'Bearer ' + token);
 // listen for `onload` event
 xhr.onload = () => {
diff --git a/cookbook/templatetags/custom_tags.py b/cookbook/templatetags/custom_tags.py
index dac2f47e7..c2407237f 100644
--- a/cookbook/templatetags/custom_tags.py
+++ b/cookbook/templatetags/custom_tags.py
@@ -151,7 +151,7 @@ def bookmarklet(request):
 localStorage.setItem('redirectURL', '" + server + reverse('data_import_url') + "'); \
 localStorage.setItem('token', '" + api_token.__str__() + "'); \
 document.body.appendChild(document.createElement(\'script\')).src=\'" \
- + server + prefix + static('js/bookmarklet.js') + "? \
+ + server + prefix + static('js/bookmarklet_v3.js') + "? \
 r=\'+Math.floor(Math.random()*999999999);}})();'>Test"
 return re.sub(r"[\n\t]*", "", bookmark)
diff --git a/cookbook/views/api.py b/cookbook/views/api.py
index 05b89e179..d8ee804c1 100644
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
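Review bot: The token that `bookmarklet()` in custom_tags.py interpolates with `api_token.__str__()` is assigned outside this hunk and is not changed here, yet bookmarklet_v3.js now sends it as a `Bearer` credential; the same applies to `window.API_TOKEN` in the ImportView.vue hunk. Both places need to hand out the `bookmarklet`-scoped AccessToken that `import_url` creates, not a rest_framework `Token` or a `read write` token, otherwise a generated bookmark either fails against the scoped endpoint or carries a broader credential than it needs. As a bookmarklet the script presumably runs in the page being imported, so `localStorage.setItem('token', …)` leaves the value in that site's storage. I would record this above the string with `# token ends up in the visited site's localStorage - must be the 'bookmarklet'-scoped token only`.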
@@ -54,7 +54,7 @@ from cookbook.helper.ingredient_parser import IngredientParser
 from cookbook.helper.permission_helper import (CustomIsAdmin, CustomIsOwner, CustomIsOwnerReadOnly, CustomIsShared, CustomIsSpaceOwner, CustomIsUser, group_required,
- is_space_owner, switch_user_active_space, above_space_limit, CustomRecipePermission, CustomUserPermission, CustomTokenHasReadWriteScope)
+ is_space_owner, switch_user_active_space, above_space_limit, CustomRecipePermission, CustomUserPermission, CustomTokenHasReadWriteScope, CustomTokenHasScope)
 from cookbook.helper.recipe_search import RecipeFacet, RecipeSearch
 from cookbook.helper.recipe_url_import import get_from_youtube_scraper, get_images_from_soup
 from cookbook.helper.scrapers.scrapers import text_scraper
@@ -1035,7 +1035,8 @@ class ExportLogViewSet(viewsets.ModelViewSet):
 class BookmarkletImportViewSet(viewsets.ModelViewSet):
 queryset = BookmarkletImport.objects
 serializer_class = BookmarkletImportSerializer
- permission_classes = [CustomIsUser & CustomTokenHasReadWriteScope]
+ permission_classes = [CustomIsUser & CustomTokenHasScope]
+ required_scopes = ['bookmarklet']
 def get_serializer_class(self):
 if self.action == 'list':
@@ -1117,7 +1118,7 @@ class CustomAuthToken(ObtainAuthToken):
 if token := AccessToken.objects.filter(scope__contains='read').filter(scope__contains='write').first():
 access_token = token
 else:
- access_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*5)), scope='read write app')
+ access_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-", "_")}', expires=(timezone.now() + timezone.timedelta(days=365 * 5)), scope='read write app')
 return Response({
 'id': access_token.id,
 'token': access_token.token,
diff --git a/cookbook/views/data.py b/cookbook/views/data.py
index 22d79f2c6..7511617af 100644
--- a/cookbook/views/data.py
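Review bot: `required_scopes = ['bookmarklet']` on `BookmarkletImportViewSet` is applied to a full `ModelViewSet`, so as far as this hunk shows a bookmarklet token is accepted for list, retrieve, update and delete as well as for the one POST the bookmarklet makes. That token is the credential embedded in the generated bookmark, so it should reach no further than the script needs. Consider checking the action in the permission, or at least document the reach with `# NOTE: 'bookmarklet' tokens get full CRUD on BookmarkletImport, not just POST`. Whether `CustomTokenHasScope` still admits session-authenticated requests and `read write` tokens is decided in permission_helper.py, which this hunk does not show, and the class body continues past the hunk.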
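Review bot: The lookup in the context line of the `CustomAuthToken` hunk, `AccessToken.objects.filter(scope__contains='read').filter(scope__contains='write').first()`, has no `user` filter, so it can return a token belonging to a different account than the one authenticating, and it ignores `expires`. The commit only touches spacing in the `create` call below it, but the query should be restricted to the same account, e.g. `.filter(user=request.user, expires__gt=timezone.now(), scope__contains='read')` as the first filter. The method starts outside the hunk, so confirm that `request.user` is the user validated from the posted credentials; the `create` call already relies on it.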
+++ b/cookbook/views/data.py
@@ -1,12 +1,15 @@
+import uuid
 from datetime import datetime
 from django.contrib import messages
 from django.http import HttpResponseRedirect
 from django.shortcuts import redirect, render
 from django.urls import reverse
+from django.utils import timezone
 from django.utils.translation import gettext as _
 from django.utils.translation import ngettext
 from django_tables2 import RequestConfig
+from oauth2_provider.models import AccessToken
 from rest_framework.authtoken.models import Token
 from cookbook.forms import BatchEditForm, SyncForm
@@ -115,8 +118,8 @@ def import_url(request):
 messages.add_message(request, messages.WARNING, msg)
 return HttpResponseRedirect(reverse('index'))
- if (api_token := Token.objects.filter(user=request.user).first()) is None:
- api_token = Token.objects.create(user=request.user)
+ if (api_token := AccessToken.objects.filter(user=request.user, scope='bookmarklet').first()) is None:
+ api_token = AccessToken.objects.create(user=request.user, scope='bookmarklet', expires=(timezone.now() + timezone.timedelta(days=365*10)), token=f'tda_{str(uuid.uuid4()).replace("-","_")}')
 bookmarklet_import_id = -1
 if 'id' in request.GET:
diff --git a/cookbook/views/views.py b/cookbook/views/views.py
index 05ea05263..0358e3548 100644
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
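Review bot: In `import_url` the reuse lookup `AccessToken.objects.filter(user=request.user, scope='bookmarklet').first()` does not look at `expires`, so an expired bookmarklet token keeps being handed out instead of a fresh one being issued; add `expires__gt=timezone.now()` to the filter. The new token is valid for `365*10` days and is presumably the value rendered into the bookmark, so a shorter lifetime with re-issue on this page would limit what a leaked bookmark is worth. If the long lifetime is intentional, say why in a comment next to the `create` call. The function body starts and ends outside the hunk.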
@@ -339,7 +339,7 @@ def user_settings(request):
 search_form = SearchPreferenceForm()
 if (api_token := AccessToken.objects.filter(user=request.user).first()) is None:
- api_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*5)), scope='read write').token
+ api_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*10)), scope='read write').token
 # these fields require postgresql - just disable them if postgresql isn't available
 if not settings.DATABASES['default']['ENGINE'] in ['django.db.backends.postgresql_psycopg2',
diff --git a/vue/src/apps/ImportView/ImportView.vue b/vue/src/apps/ImportView/ImportView.vue
index 4b2ed0ffd..1228f8cc3 100644
--- a/vue/src/apps/ImportView/ImportView.vue
+++ b/vue/src/apps/ImportView/ImportView.vue
@@ -695,7 +695,7 @@ export default {
 `localStorage.setItem("importURL", "${localStorage.getItem('BASE_PATH')}${this.resolveDjangoUrl('api:bookmarkletimport-list')}");` +
 `localStorage.setItem("redirectURL", "${localStorage.getItem('BASE_PATH')}${this.resolveDjangoUrl('data_import_url')}");` +
 `localStorage.setItem("token", "${window.API_TOKEN}");` +
- `document.body.appendChild(document.createElement("script")).src="${localStorage.getItem('BASE_PATH')}${resolveDjangoStatic('/js/bookmarklet.js')}?r="+Math.floor(Math.random()*999999999)}` +
+ `document.body.appendChild(document.createElement("script")).src="${localStorage.getItem('BASE_PATH')}${resolveDjangoStatic('/js/bookmarklet_v3.js')}?r="+Math.floor(Math.random()*999999999)}` +
 `})()`
 },
 },
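Review bot: In `user_settings` the lookup `AccessToken.objects.filter(user=request.user).first()` filters on neither scope nor expiry, and with this commit the same user can also own a `bookmarklet`-scoped token, so the settings page may pick that one (or an expired one) instead of a `read write` token. The two branches also leave different things in `api_token`: the model instance when a row is found, the `.token` string when one is created. I would narrow the query to `AccessToken.objects.filter(user=request.user, scope='read write', expires__gt=timezone.now()).first()` and take `.token` in both branches, assuming the code after the hunk expects the string. Raising the lifetime of a full read/write token to `365*10` days deserves a comment giving the reason.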