diff --git a/cmd/api-service/handler/server.go b/cmd/api-service/handler/server.go
index dab3062..97c96eb 100644
--- a/cmd/api-service/handler/server.go
+++ b/cmd/api-service/handler/server.go
@@ -42,6 +42,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	rec.Header().Add("Content-Type", "application/json")
 
 	// authenticate
+	logger.Info("authenticating", "key", r.Header.Get("Authorization"), "apiKey", s.apiKey)
 	if key := r.Header.Get("Authorization"); s.apiKey != "localOnly" && key != s.apiKey {
 		Error(rec, http.StatusUnauthorized, "unauthorized", fmt.Errorf("invalid api key"), logger)
 		logger.Info("unauthorized", "key", key)
diff --git a/cmd/api-service/service.go b/cmd/api-service/service.go
index 7950533..8744a56 100644
--- a/cmd/api-service/service.go
+++ b/cmd/api-service/service.go
@@ -24,7 +24,7 @@ var (
 func main() {
 	flag.Parse()
 	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
-	logger.Info("starting server", "port", *port, "dbPath", *dbPath, "apiKey", *apiKey)
+	logger.Info("starting server", "port", *port, "dbPath", *dbPath)
 
 	db, err := moviestore.NewSQLite(*dbPath)
 	if err != nil {