diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index e0d96aea0..be65402eb 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -5,7 +5,7 @@ class Auth::DefaultCurrentUserProvider
 
   CURRENT_USER_KEY ||= "_DISCOURSE_CURRENT_USER".freeze
   API_KEY ||= "api_key".freeze
-  USER_API_KEY ||= "USER_API_KEY".freeze
+  USER_API_KEY ||= "HTTP_USER_API_KEY".freeze
   API_KEY_ENV ||= "_DISCOURSE_API".freeze
   TOKEN_COOKIE ||= "_t".freeze
   PATH_INFO ||= "PATH_INFO".freeze
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index 4c38bbd9d..a0f25c07c 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -174,7 +174,7 @@ describe Auth::DefaultCurrentUserProvider do
     it "allows user API access correctly" do
       params = {
         "REQUEST_METHOD" => "GET",
-        "USER_API_KEY" => api_key.key,
+        "HTTP_USER_API_KEY" => api_key.key,
       }
 
       expect(provider("/", params).current_user.id).to eq(user.id)
@@ -198,7 +198,7 @@ describe Auth::DefaultCurrentUserProvider do
 
       params = {
         "REQUEST_METHOD" => "GET",
-        "USER_API_KEY" => api_key.key,
+        "HTTP_USER_API_KEY" => api_key.key,
       }
 
       3.times do