diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb
index 13712f997..36ab736dd 100644
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@@ -24,7 +24,9 @@ module Repp
         webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
         error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
       else
-        error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
+        unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+          error! "#{message} #{@current_user.username}", 401
+        end
       end
     end