diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 708b47c4f5..497c24699d 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -1,7 +1,9 @@
 const jwt = require("jsonwebtoken")
 const STATUS_CODES = require("../utilities/statusCodes")
-const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
-const env = require("../environment")
+const {
+ getAccessLevel,
+ BUILTIN_LEVELS,
+} = require("../utilities/security/accessLevels")
 const { AuthTypes } = require("../constants")
 const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
@@ -21,12 +23,10 @@ module.exports = async (ctx, next) => {
 appId = cookieAppId
 }
- let token
- if (isClient(ctx)) {
- ctx.auth.authenticated = AuthTypes.APP
- token = ctx.cookies.get(getCookieName(appId))
- } else {
- ctx.auth.authenticated = AuthTypes.BUILDER
+ let token = ctx.cookies.get(getCookieName(appId))
+ let authType = AuthTypes.APP
+ if (!token && !isClient(ctx)) {
+ authType = AuthTypes.BUILDER
 token = ctx.cookies.get(getCookieName())
 }
@@ -42,6 +42,7 @@ module.exports = async (ctx, next) => {
 }
 try {
+ ctx.auth.authenticated = authType
 const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
 ctx.appId = appId
 ctx.auth.apiKey = jwtPayload.apiKey
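Review bot: The new first lookup `ctx.cookies.get(getCookieName(appId))` runs for every request, so if `appId` can still be undefined at this point it is most likely the same call as `getCookieName()`, and the builder cookie would be read, labelled `AuthTypes.APP`, and the BUILDER fallback skipped. Guarding the lookup, for example `let token = appId ? ctx.cookies.get(getCookieName(appId)) : undefined`, keeps the label tied to the cookie that was actually read. Separately, a non-client request that carries both cookies is now typed APP rather than BUILDER, so any downstream check on `ctx.auth.authenticated` sees a different value than before; a short comment stating that the app cookie takes precedence by design would make that intent reviewable. How `appId` is resolved and how the type is consumed are outside this hunk, so both points need confirming against the rest of the middleware.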
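Review bot: `ctx.auth.authenticated = authType` is assigned before `jwt.verify` has accepted the token, so an expired or tampered cookie leaves the context marked APP or BUILDER unless the catch block, which is outside this hunk, resets it. Moving the assignment to the line after `const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)` makes the field mean that a token was verified, not merely that one was present. While touching this call it is worth pinning the accepted algorithms, e.g. `jwt.verify(token, ctx.config.jwtSecret, { algorithms: ["HS256"] })`, assuming HS256 is what the signing side uses.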