diff --git a/http/session.go b/http/session.go
index 7173cbe..f05e5b0 100644
--- a/http/session.go
+++ b/http/session.go
@@ -12,11 +12,8 @@ import (
 )
 
 func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
-	tokenString, err := c.Cookie(authCookie)
-	if err != nil {
-		return nil, fmt.Errorf("get cookie: %w", err)
-	}
-
+	tokenString := c.GetHeader("Authorization")
+	tokenString = tokenString[7:]
 	token, err := h.TokenVerifier.VerifyToken(tokenString)
 	if err != nil {
 		c.SetCookie(authCookie, "", -1, "", "", false, false)
@@ -30,7 +27,7 @@ func (h *Handler) verifyLoginWithForbidden(c *gin.Context) {
 	token, err := h.verifyLogin(c)
 	if err != nil {
 		//c.Header("WWW-Authenticate", "Bearer")
-		c.AbortWithStatus(http.StatusForbidden)
+		c.AbortWithError(http.StatusForbidden, err)
 		return
 	}
 
@@ -76,17 +73,25 @@ func clearLogin(c *gin.Context) {
 	c.SetCookie(authCookie, "", -1, "", "", false, true)
 }
 
-func (h *Handler) loginPost(c *gin.Context) {
-	username, _ := c.GetPostForm("username")
-	password, _ := c.GetPostForm("password")
+type loginInformation struct {
+	Password string `json:"password"`
+	User string `json:"user"`
+}
 
-	user, err := h.Service.GetUserByUsername(c.Request.Context(), username)
+func (h *Handler) loginPost(c *gin.Context) {
+	var login loginInformation
+	err := c.BindJSON(&login)
+	if err != nil {
+		return
+	}
+
+	user, err := h.Service.GetUserByUsername(c.Request.Context(), login.User)
 	if err != nil {
 		c.AbortWithError(http.StatusUnauthorized, err)
 		return
 	}
 
-	if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
+	if err = h.CredentialsVerifier.Verify(login.Password, user.Password); err != nil {
 		c.AbortWithError(http.StatusUnauthorized, err)
 		return
 	}
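Review bot: `tokenString = tokenString[7:]` in verifyLogin slices the Authorization header without checking that it is at least seven bytes long or that it actually starts with `Bearer `, so a request with no header, an empty header, or a different scheme panics with an out-of-range slice (gin's recovery middleware, if installed, would turn that into a 500 rather than the intended auth failure). The value is attacker-controlled, so the prefix should be checked explicitly and the request rejected with the same error path the verifier failure uses; `strings` and `errors` must be imported if the file does not already do so (the import block is cut off above the hunk). The rest of verifyLogin, including the cookie-clearing branch that is kept even though the token no longer comes from the cookie, continues outside the hunk, so it may be worth confirming that `c.SetCookie(authCookie, ...)` on failure is still intended.
```go
func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
	const bearerPrefix = "Bearer "
	authz := c.GetHeader("Authorization")
	if !strings.HasPrefix(authz, bearerPrefix) {
		return nil, errors.New("authorization header is not a bearer token")
	}
	tokenString := authz[len(bearerPrefix):]
	// … unchanged: VerifyToken call and error handling …
```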
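Review bot: `c.AbortWithError(http.StatusForbidden, err)` in verifyLoginWithForbidden attaches the token verifier's error to the context; if an error-rendering middleware or the default gin handler writes `c.Errors` into the response, the client learns why token verification failed (expiry versus bad signature versus malformed input), which should stay in server-side logs. Presumably the intent is only to log, in which case keeping the client response bodyless with `c.AbortWithStatus(http.StatusForbidden)` and logging `err` separately preserves that; a comment such as `// err is recorded on the context for logging only; the response body stays empty` would make the expectation explicit. With the bearer-header scheme introduced in the hunk above, a missing or invalid token is conventionally a 401 with `WWW-Authenticate: Bearer` (the commented-out line) rather than 403, which is for an authenticated caller lacking permission.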
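Review bot: loginPost attaches two distinguishable errors via `c.AbortWithError(http.StatusUnauthorized, err)` — the lookup error from `GetUserByUsername` and the verifier error from `Verify` — so if errors are surfaced in the response, a client can tell an unknown user from a wrong password; returning one shared error value such as `errAuthFailed` on both branches, with the underlying cause logged server-side, keeps the two cases indistinguishable. The early `return` after `c.BindJSON(&login)` is fine only because gin's `BindJSON` aborts with 400 itself; a comment `// BindJSON already aborted with 400` would spare the next reader the check. Note also that the `Verify` step is skipped entirely when the user is not found, so the two branches differ in response time; a short doc comment on loginInformation stating the expected JSON shape (`{"user": ..., "password": ...}`) would also help API consumers, since the field names changed from the form's `username`. The function body continues past the hunk.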