By Default activiti /api/ are protected with Basic Authentication. I have overridden this security by implementing com.activiti.api.security.AlfrescoApiSecurityOverride class. it works well with both token and basic auth header. Now I have activiti-admin which is making rest call to the activiti-app "api/enterprise/app-version" and other api endpoints but in request I don't find Authorization header to authenticate it using my overriden authentication mechanism. Can anybody help me where I'm going wrong ?