diff --git a/src/client.rs b/src/client.rs
index 47787d66b..826a14731 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -16,15 +16,7 @@ impl GQLClient {
         let mut headers = HeaderMap::new();
         if let Some(token) = &Configs::get_railway_token() {
             headers.insert("project-access-token", HeaderValue::from_str(token)?);
-        } else if let Some(token) = &Configs::get_railway_api_token() {
-            headers.insert(
-                "authorization",
-                HeaderValue::from_str(&format!("Bearer {token}"))?,
-            );
-        } else if let Some(token) = &configs.root_config.user.token {
-            if token.is_empty() {
-                return Err(RailwayError::Unauthorized);
-            }
+        } else if let Some(token) = configs.get_railway_auth_token() {
             headers.insert(
                 "authorization",
                 HeaderValue::from_str(&format!("Bearer {token}"))?,
diff --git a/src/config.rs b/src/config.rs
index 6eed2f3f9..2cee6dbfd 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -115,6 +115,15 @@ impl Configs {
         std::env::var("RAILWAY_API_TOKEN").ok()
     }
 
+    /// tries the environment variable and the config file
+    pub fn get_railway_auth_token(&self) -> Option<String> {
+        Self::get_railway_api_token().or(self
+            .root_config
+            .user
+            .token
+            .clone()
+            .filter(|t| !t.is_empty()))
+    }
     pub fn get_environment_id() -> Environment {
         match std::env::var("RAILWAY_ENV")
             .map(|env| env.to_lowercase())
diff --git a/src/subscription.rs b/src/subscription.rs
index c2e7fe8bd..50188c54f 100644
--- a/src/subscription.rs
+++ b/src/subscription.rs
@@ -12,20 +12,23 @@ where
     <T as GraphQLQuery>::ResponseData: std::fmt::Debug,
 {
     let configs = Configs::new()?;
-    let Some(token) = configs.root_config.user.token.clone() else {
-        bail!("Unauthorized. Please login with `railway login`")
-    };
-    let bearer = format!("Bearer {token}");
     let hostname = configs.get_host();
     let mut request = format!("wss://backboard.{hostname}/graphql/v2").into_client_request()?;
-
-    request.headers_mut().insert(
+    let headers = request.headers_mut();
+    if let Some(token) = &Configs::get_railway_token() {
+        headers.insert("project-access-token", HeaderValue::from_str(token)?);
+    } else if let Some(token) = configs.get_railway_auth_token() {
+        headers.insert(
+            "authorization",
+            HeaderValue::from_str(&format!("Bearer {token}"))?,
+        );
+    } else {
+        bail!("Not authorized");
+    }
+    headers.insert(
         "Sec-WebSocket-Protocol",
         HeaderValue::from_str("graphql-transport-ws").unwrap(),
     );
-    request
-        .headers_mut()
-        .insert("Authorization", HeaderValue::from_str(&bearer)?);
 
     let (connection, _) = async_tungstenite::tokio::connect_async(request).await?;