diff --git a/app/doorboy-proxy.py b/app/doorboy-proxy.py
index e92a6bf..5d3cfa8 100755
--- a/app/doorboy-proxy.py
+++ b/app/doorboy-proxy.py
@@ -31,7 +31,7 @@ async def setup_db(app, loop):
 @app.route("/allowed")
 async def view_doorboy_uids(request):
     key = request.headers.get("KEY")
-    if key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
+    if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
         return text("how about no")
 
     if key == DOORBOY_SECRET_FLOOR:
@@ -56,7 +56,7 @@ async def view_doorboy_uids(request):
 @app.route("/longpoll", stream=True)
 async def view_longpoll(request):
     response = await request.respond(content_type="text/event-stream")
-    if key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
+    if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
         return text("Invalid token")
 
     await response.send("data: response-generator-started\n\n")