diff --git a/services_api_key_auth.module b/services_api_key_auth.module
index 1f67d01..34f3758 100644
--- a/services_api_key_auth.module
+++ b/services_api_key_auth.module
@@ -22,10 +22,21 @@ function services_api_key_auth_services_authentication_info() {
 function services_api_key_auth_services_authenticate() {
   // Get function arguments.
   $args = func_get_args();
+
   // Get the key from the request.
-  $api_key = (!empty($_REQUEST['api-key'])) ? $_REQUEST['api-key'] : '';
+  $api_key = '';
+  switch ($args[0]['api_key_source']) {
+    case 'request':
+      $api_key = empty($_REQUEST['api-key']) ? '' : $_REQUEST['api-key'];
+      break;
+
+    case 'header':
+      $api_key = empty($_SERVER['HTTP_API_KEY']) ? '' : $_SERVER['HTTP_API_KEY'];
+      break;
+  }
+
   // Validate request.
-  $valid = (services_api_key_auth_compare_key($api_key, $args[0]['api_key'])) ? TRUE : FALSE;
+  $valid = (bool) services_api_key_auth_compare_key($api_key, $args[0]['api_key']);
   // Allow other modules to have their say.
   drupal_alter('services_api_key_valid', $valid, $args);
   if ($valid) {
@@ -67,6 +78,25 @@ function services_api_key_auth_services_settings_form($settings) {
     )),
     '#default_value' => (!empty($settings['api_key'])) ? $settings['api_key'] : $key,
   );
+
+  // Define where we should look up of the API key value.
+  $form['api_key_source'] = array(
+    '#type' => 'select',
+    '#title' => t('API Key source'),
+    '#description' => t('Where look up an API key: in request parameters or in HTTP header? Note, that <a href="@href_php_net" target="_blank">@var_request</a> variable contains the contents of @var_get, @var_post and @var_cookie.', array(
+      '@href_php_net' => 'http://php.net/manual/en/reserved.variables.request.php',
+      '@var_request' => '$_REQUEST',
+      '@var_cookie' => '$_COOKIE',
+      '@var_post' => '$_POST',
+      '@var_get' => '$_GET',
+    )),
+    '#options' => array(
+      'request' => t('Request (@example)', array('@example' => "\$_REQUEST['api-key']")),
+      'header' => t('Header (@example)', array('@example' => "\$_SERVER['HTTP_API_KEY']")),
+    ),
+    '#default_value' => empty($settings['api_key_source']) ? 'request' : $settings['api_key_source'],
+  );
+
   // Get list of users with given role.
   $role = user_role_load_by_name(variable_get('service_api_key_role', 'administrator'));
   $query = 'SELECT DISTINCT(ur.uid) FROM {users_roles} AS ur WHERE ur.rid = :rids';