diff --git a/package.json b/package.json
index 108e37e..1450012 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "route4me-nodejs-sdk",
-  "version": "1.0.28",
+  "version": "1.0.29",
   "description": "Access Route4Me's logistics-as-a-service API using our Node.js SDK",
   "main": "src/index.js",
   "browser": "src/route4me.js",
diff --git a/src/request-manager.js b/src/request-manager.js
index 1ef5752..28da927 100644
--- a/src/request-manager.js
+++ b/src/request-manager.js
@@ -207,7 +207,19 @@ class RequestManager {
 			apiUrl = (options["v5"] ? `${this._baseUrl5}${options.path}` : `${this._baseUrl}${options.path}`)
 		}
 
-		qs["api_key"] = this._apiKey
+		let urlObject = null
+		try {
+			urlObject = new URL(apiUrl)
+		} catch (err) {
+			//
+		}
+
+		const authorization = { type: "" }
+		if (urlObject && "wh" === urlObject.hostname.substring(0, 2).toLocaleLowerCase()) {
+			authorization.type = "bearer"
+		} else {
+			qs["api_key"] = this._apiKey
+		}
 
 		if (undefined === options.validationContext) {
 			// this is just a protective wall
@@ -244,6 +256,7 @@ class RequestManager {
 
 		const req = request[method](apiUrl)
 			.set("Route4Me-User-Agent", this._userAgent)
+			.auth(this._apiKey, "", authorization)
 			.timeout(timeouts)
 			.redirects(1000)	// unlimited number of redirects
 			.accept("application/json")
diff --git a/test/helper.js b/test/helper.js
index 20a9349..dfe6817 100644
--- a/test/helper.js
+++ b/test/helper.js
@@ -6,23 +6,36 @@ const _       = require("lodash")
 const runIntegrationTests = "1" === process.env["TEST_INTEGRATION"]
 //const describeIntegration = runIntegrationTests ? describe : describe.skip
 const describeIntegration = describe
-function expectRequest(req, method, url, query, body, contentType /* , form */) {
+function expectRequest(req, method, url, query, body, contentType) {
 	const ct = contentType || "application/json"
 
 	expect(req).has.property("url")
 		.and.is.equal(url)
 
+	const urlObject = new URL(req.url)
+	const api_v4 = ("wh" !== urlObject.hostname.substring(0, 2).toLocaleLowerCase())
+
 	expect(req).has.property("method")
 		.and.is.equal(method)
 
 	expect(req).has.property("headers")
 		.that.has.property("content-type", ct)
 
+	// With API v5 the API-KEY is sent as header entry rather than as URL parameter.
+	if (!api_v4) {
+		expect(req.headers).has.property("authorization")
+	}
+
 	// QUERY assertions
-	expect(req).has.property("query")
-		.with.property("api_key")
-		.that.is.exist
-		.that.not.oneOf(["null", "undefined", ""])
+	if (api_v4) {
+		expect(req).has.property("query")
+			.with.property("api_key")
+			.that.is.exist
+			.that.not.oneOf(["null", "undefined", ""])
+	} else {
+		expect(req).has.property("query")
+			.that.not.oneOf(["null", "undefined", ""])
+	}
 
 	const qs = _({})
 		.merge(req.query)
@@ -43,13 +56,6 @@ function expectRequest(req, method, url, query, body, contentType /* , form */)
 		expect(req).has.property("body")
 			.and.is.null
 	}
-
-	// if (form) {
-	// 	expect(req).has.property("form")
-	// 		.that.is.deep.equal(form)
-	// } else {
-	// 	expect(req).has.not.property("form")
-	// }
 }
 
 function toSuiteName(filename) {