diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index 54a911f8dd..2db61a53b1 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -101,15 +101,19 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
             throws ServletException, IOException {
         LOG.trace("ApiRateLimitFilter starts, rate limit is : " + enableRateLimiting);
         if (enableRateLimiting) {
-            String tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
-
+            String tokenValue = null;
+            if (httpServletRequest.getHeader("Authorization") != null) {
+                tokenValue = httpServletRequest.getHeader("Authorization").replaceAll("Bearer|bearer", "").trim();
+            }
             String ipAddress = httpServletRequest.getRemoteAddr();
 
             String clientId = null;
-            try {
-                clientId = orcidTokenStore.readClientId(tokenValue);
-            } catch (Exception ex) {
-                LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+            if (tokenValue != null) {
+                try {
+                    clientId = orcidTokenStore.readClientId(tokenValue);
+                } catch (Exception ex) {
+                    LOG.error("Exception when trying to get the client id from token value, ignoring and treating as anonymous client", ex);
+                }
             }
             boolean isAnonymous = (clientId == null);
             LocalDate today = LocalDate.now();