diff --git a/api/api.go b/api/api.go
index 590b858e1..b0fe6d83b 100644
--- a/api/api.go
+++ b/api/api.go
@@ -330,6 +330,7 @@ type request struct {
 	url    *url.URL
 	params url.Values
 	body   io.Reader
+	header http.Header
 	obj    interface{}
 }
 
@@ -355,7 +356,7 @@ func (r *request) setQueryOptions(q *QueryOptions) {
 		r.params.Set("wait", durToMsec(q.WaitTime))
 	}
 	if q.Token != "" {
-		r.params.Set("token", q.Token)
+		r.header.Set("X-Consul-Token", q.Token)
 	}
 	if q.Near != "" {
 		r.params.Set("near", q.Near)
@@ -399,7 +400,7 @@ func (r *request) setWriteOptions(q *WriteOptions) {
 		r.params.Set("dc", q.Datacenter)
 	}
 	if q.Token != "" {
-		r.params.Set("token", q.Token)
+		r.header.Set("X-Consul-Token", q.Token)
 	}
 }
 
@@ -426,6 +427,7 @@ func (r *request) toHTTP() (*http.Request, error) {
 	req.URL.Host = r.url.Host
 	req.URL.Scheme = r.url.Scheme
 	req.Host = r.url.Host
+	req.Header = r.header
 
 	// Setup auth
 	if r.config.HttpAuth != nil {
@@ -446,6 +448,7 @@ func (c *Client) newRequest(method, path string) *request {
 			Path:   path,
 		},
 		params: make(map[string][]string),
+		header: make(http.Header),
 	}
 	if c.config.Datacenter != "" {
 		r.params.Set("dc", c.config.Datacenter)
@@ -454,7 +457,7 @@ func (c *Client) newRequest(method, path string) *request {
 		r.params.Set("wait", durToMsec(r.config.WaitTime))
 	}
 	if c.config.Token != "" {
-		r.params.Set("token", r.config.Token)
+		r.header.Set("X-Consul-Token", r.config.Token)
 	}
 	return r
 }
diff --git a/api/api_test.go b/api/api_test.go
index da7c00550..71f01c483 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -247,8 +247,8 @@ func TestSetQueryOptions(t *testing.T) {
 	if r.params.Get("wait") != "100000ms" {
 		t.Fatalf("bad: %v", r.params)
 	}
-	if r.params.Get("token") != "12345" {
-		t.Fatalf("bad: %v", r.params)
+	if r.header.Get("X-Consul-Token") != "12345" {
+		t.Fatalf("bad: %v", r.header)
 	}
 	if r.params.Get("near") != "nodex" {
 		t.Fatalf("bad: %v", r.params)
@@ -270,8 +270,8 @@ func TestSetWriteOptions(t *testing.T) {
 	if r.params.Get("dc") != "foo" {
 		t.Fatalf("bad: %v", r.params)
 	}
-	if r.params.Get("token") != "23456" {
-		t.Fatalf("bad: %v", r.params)
+	if r.header.Get("X-Consul-Token") != "23456" {
+		t.Fatalf("bad: %v", r.header)
 	}
 }