diff --git a/Shoko.Server/API/AuthenticationController.cs b/Shoko.Server/API/AuthenticationController.cs
index e7bc6d723..c29e787c6 100644
--- a/Shoko.Server/API/AuthenticationController.cs
+++ b/Shoko.Server/API/AuthenticationController.cs
@@ -103,9 +103,9 @@ public ActionResult ChangePassword([FromBody] string newPassword)
     [HttpDelete]
     public ActionResult Delete(string apikey)
     {
-        var token = RepoFactory.AuthTokens.GetAll().FirstOrDefault(a => a.UserID == User.JMMUserID && a.DeviceName.EqualsInvariantIgnoreCase(apikey));
+        var token = RepoFactory.AuthTokens.GetAll().FirstOrDefault(a => a.UserID == User?.JMMUserID && a.DeviceName.EqualsInvariantIgnoreCase(apikey));
         token ??= RepoFactory.AuthTokens.GetByToken(apikey);
-        if (User.JMMUserID != token.UserID && User.IsAdmin != 1) return Unauthorized("Cannot delete a token for another user");
+        if (User?.JMMUserID != token.UserID && User?.IsAdmin != 1) return Unauthorized("Cannot delete a token for another user");
         RepoFactory.AuthTokens.Delete(token);
         return Ok();
     }