diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index a2a6205cd8..606e103174 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -44,7 +44,7 @@ use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
 use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
 use Illuminate\Routing\Middleware\ThrottleRequests;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
-
+use \Laravel\Passport\Http\Middleware\CreateFreshApiToken;
 /**
  * @codeCoverageIgnore
  * Class Kernel
@@ -84,7 +84,7 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
+                CreateFreshApiToken::class,
             ],
 
             // MUST NOT be logged in. Does not care about 2FA or confirmation.
@@ -95,7 +95,6 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
                 Binder::class,
                 RedirectIfAuthenticated::class,
             ],
@@ -109,7 +108,6 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
                 Binder::class,
                 Authenticate::class,
                 RedirectIfTwoFactorAuthenticated::class,
@@ -125,7 +123,6 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
                 Binder::class,
                 Authenticate::class,
             ],
@@ -141,11 +138,11 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
                 Authenticate::class,
                 AuthenticateTwoFactor::class,
                 Range::class,
                 Binder::class,
+                CreateFreshApiToken::class,
             ],
             // MUST be logged in
             // MUST have 2fa
@@ -159,12 +156,12 @@ class Kernel extends HttpKernel
                 StartFireflySession::class,
                 ShareErrorsFromSession::class,
                 VerifyCsrfToken::class,
-                //SubstituteBindings::class,
                 Authenticate::class,
                 AuthenticateTwoFactor::class,
                 IsAdmin::class,
                 Range::class,
                 Binder::class,
+                CreateFreshApiToken::class,
             ],
 
             'api' => [
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 42fdfc5350..2e44ca0924 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -24,6 +24,7 @@ namespace FireflyIII\Providers;
 
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
+use Laravel\Passport\Passport;
 
 /**
  * @codeCoverageIgnore
@@ -44,5 +45,6 @@ class AppServiceProvider extends ServiceProvider
      */
     public function register()
     {
+        Passport::ignoreMigrations();
     }
 }
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 3c78d0b5b2..ed1d76630b 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -23,6 +23,7 @@ declare(strict_types=1);
 namespace FireflyIII\Providers;
 
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+use Laravel\Passport\Passport;
 
 /**
  * @codeCoverageIgnore
@@ -46,5 +47,7 @@ class AuthServiceProvider extends ServiceProvider
     public function boot()
     {
         $this->registerPolicies();
+        Passport::routes();
+        Passport::tokensExpireIn(now()->addDays(14));
     }
 }
diff --git a/app/User.php b/app/User.php
index db03b5189f..8745fe5cbf 100644
--- a/app/User.php
+++ b/app/User.php
@@ -30,6 +30,7 @@ use Illuminate\Database\Eloquent\Relations\HasManyThrough;
 use Illuminate\Database\QueryException;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Laravel\Passport\HasApiTokens;
 use Log;
 use Request;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -39,7 +40,7 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  */
 class User extends Authenticatable
 {
-    use Notifiable;
+    use Notifiable, HasApiTokens;
 
     /**
      * The attributes that are mass assignable.
diff --git a/config/auth.php b/config/auth.php
index 134d34926f..fec9f2f764 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -64,7 +64,7 @@ return [
         ],
 
         'api' => [
-            'driver'   => 'token',
+            'driver'   => 'passport',
             'provider' => 'users',
         ],
     ],