diff --git a/README.md b/README.md
index 40d478b76a5a2850ebce911255e30d365caceff2..f56da5eafaa7e15b8c468de28bf498b76e7bb79e 100644
--- a/README.md
+++ b/README.md
@@ -27,3 +27,5 @@ virtual_alias_maps = socketmap:unix:/uffd-socketmapd.sock:virtual
 # Defaults to $virtual_alias_maps, which does not work here, so unset it
 virtual_alias_domains =
 ```
+
+Note that uffd-socketmapd requires at least uffd v1.2.0!
diff --git a/debian/contrib/uffd-socketmapd-postfix.conf b/debian/contrib/uffd-socketmapd-postfix.conf
index b0ce28bea1ff4ce5c7ae3471186ae99055245d47..ea1efadd885b4ec99684a99e829b2d659a642e2b 100644
--- a/debian/contrib/uffd-socketmapd-postfix.conf
+++ b/debian/contrib/uffd-socketmapd-postfix.conf
@@ -1,6 +1,7 @@
 # Both options must be set
 #SERVER_API_URL="https://localhost"
-#SERVER_API_KEY="my_secret_api_token"
+#SERVER_API_USER="client_id"
+#SERVER_API_SECRET="my_secret_api_client_secret"
 
 # The socket path is hard-coded to "/var/spool/postfix/uffd-socketmapd.sock"
 # ("/uffd-socketmapd.sock" in the postfix sandbox). Use systemd overwrites
diff --git a/uffd-socketmapd b/uffd-socketmapd
index c13bf10cc587ddc7742fd9ef99cf046a7d933afc..76d151a5545842cea97698278b0a58bcd10555c4 100755
--- a/uffd-socketmapd
+++ b/uffd-socketmapd
@@ -11,11 +11,10 @@ import requests
 logger = logging.getLogger(__name__)
 
 class UffdAPI:
-	def __init__(self, baseurl, key):
+	def __init__(self, baseurl, client_id, client_secret):
 		self.baseurl = baseurl
-		self.key = key
 		self.session = requests.Session()
-		self.session.headers['Authorization'] = 'Bearer '+self.key
+		self.session.auth = (client_id, client_secret)
 
 	def get(self, endpoint, **kwargs):
 		resp = self.session.get(self.baseurl + endpoint, params=kwargs)
@@ -228,8 +227,9 @@ class StdoutFilter(logging.Filter):
 @click.option('--socket-path', type=click.Path(), help='Path for UNIX domain socket')
 @click.option('--socket-fd', type=int, help='Use fd number as server socket (alternative to --socket-path)')
 @click.option('--api-url', required=True, help='Uffd base URL without API prefix or trailing slash (e.g. https://example.com)')
-@click.option('--api-key', required=True, help='API secret, do not set this on the command-line, use environment variable SERVER_API_KEY instead')
-def main(socket_path, socket_fd, api_url, api_key):
+@click.option('--api-user', required=True, help='API user/client id')
+@click.option('--api-secret', required=True, help='API secret, do not set this on the command-line, use environment variable SERVER_API_SECRET instead')
+def main(socket_path, socket_fd, api_url, api_user, api_secret):
 	if (socket_path is None and socket_fd is None) or \
 	   (socket_path is not None and socket_fd is not None):
 		raise click.ClickException('Either --socket-path or --socket-fd must be specified')
@@ -243,7 +243,7 @@ def main(socket_path, socket_fd, api_url, api_key):
 	logger.addHandler(stdout_handler)
 	logger.addHandler(stderr_handler)
 
-	api = UffdAPI(api_url, api_key)
+	api = UffdAPI(api_url, api_user, api_secret)
 	RequestHandler = make_requesthandler(api)
 	if socket_path is not None:
 		cleanup_unix_socket(socket_path)