diff --git a/archivebox/api/auth.py b/archivebox/api/auth.py index 7d88b928..fd74feca 100644 --- a/archivebox/api/auth.py +++ b/archivebox/api/auth.py @@ -30,8 +30,8 @@ def auth_using_token(token, request: Optional[HttpRequest]=None) -> Optional[Abs if not user: print('[❌] Failed to authenticate API user using API Key:', request) - - return None + return None + return cast(AbstractBaseUser, user) def auth_using_password(username, password, request: Optional[HttpRequest]=None) -> Optional[AbstractBaseUser]: """Given a username and password, check if they are valid and return the corresponding user""" diff --git a/archivebox/api/v1_auth.py b/archivebox/api/v1_auth.py index 289380cc..86fde8e5 100644 --- a/archivebox/api/v1_auth.py +++ b/archivebox/api/v1_auth.py @@ -3,6 +3,8 @@ __package__ = 'archivebox.api' from typing import Optional from ninja import Router, Schema +from django.utils import timezone +from datetime import timedelta from api.models import APIToken from api.auth import auth_using_token, auth_using_password @@ -25,9 +27,14 @@ def get_api_token(request, auth_data: PasswordAuthSchema): request=request, ) - if user: - # TODO: support multiple tokens in the future, for now we just have one per user - api_token, created = APIToken.objects.get_or_create(created_by_id=user.pk) + if user and user.is_superuser: + api_tokens = APIToken.objects.filter(created_by_id=user.pk, expires__gt=timezone.now()) + if api_tokens.exists(): + api_token = api_tokens.last() + else: + api_token = APIToken.objects.create(created_by_id=user.pk, expires=timezone.now() + timedelta(days=30)) + + assert api_token.is_valid(), f"API token is not valid {api_token.abid}" return api_token.__json__()
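Review bot: `cast(AbstractBaseUser, user)` in `auth_using_token` is only a type-checker hint and does no runtime validation, so the sole gate on the returned identity is the truthiness test `if not user:`. A Django `AnonymousUser` instance is truthy, so if `user` can be taken from `request.user` earlier in the function (outside this hunk, please confirm), an unauthenticated session would pass this check and be returned as the API user. Consider tightening the guard to `if not (user and user.is_authenticated and user.is_active):`. The failure path also reports through `print(...)`; a `logging` warning would make failed API-key attempts easier to collect and alert on.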
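Review bot: `assert api_token.is_valid(), ...` in `get_api_token` is not a dependable check on a credential-issuing path: asserts are stripped when Python runs with `-O`, and when it does fire it surfaces as an unhandled `AssertionError` (likely a 500) rather than an auth failure. Replace it with an explicit `if not api_token.is_valid():` branch that takes the same failure path the function uses for rejected logins, which lies outside this hunk. Separately, `api_tokens.last()` runs on a queryset with no explicit ordering, so which unexpired token gets returned depends on the model's default ordering. `api_token = api_tokens.order_by('expires').last()` makes the choice deterministic, and testing the result for `None` removes the separate `exists()` query. The 30-day lifetime in `timedelta(days=30)` is hard-coded; a named setting would let operators shorten it.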