diff --git a/src/aleph/vm/orchestrator/views/operator.py b/src/aleph/vm/orchestrator/views/operator.py
index 298486b73..df90d84c2 100644
--- a/src/aleph/vm/orchestrator/views/operator.py
+++ b/src/aleph/vm/orchestrator/views/operator.py
@@ -10,7 +10,6 @@
 
 from aleph.vm.models import VmExecution
 from aleph.vm.orchestrator.run import create_vm_execution
-from aleph.vm.orchestrator.views import authenticate_api_request
 from aleph.vm.orchestrator.views.authentication import (
     authenticate_websocket_message,
     require_jwk_authentication,
@@ -68,7 +67,7 @@ async def stream_logs(request: web.Request) -> web.StreamResponse:
         ws = web.WebSocketResponse()
         await ws.prepare(request)
         try:
-            await authenticate_for_vm_or_403(execution, request, vm_hash, ws)
+            await authenticate_websocket_for_vm_or_403(execution, vm_hash, ws)
             await ws.send_json({"status": "connected"})
 
             queue = execution.vm.get_log_queue()
@@ -88,12 +87,12 @@ async def stream_logs(request: web.Request) -> web.StreamResponse:
             execution.vm.unregister_queue(queue)
 
 
-async def authenticate_for_vm_or_403(execution, request, vm_hash, ws):
-    """Allow authentication via HEADER or via websocket"""
-    if authenticate_api_request(request):
-        logger.debug(f"Accepted request to access logs via the allocatioan api key on {vm_hash}")
-        return True
+async def authenticate_websocket_for_vm_or_403(execution: VmExecution, vm_hash: ItemHash, ws: web.WebSocketResponse):
+    """Authenticate a websocket connection.
 
+    Web browsers do not allow setting headers in WebSocket requests, so the authentication
+    relies on the first message sent by the client.
+    """
     first_message = await ws.receive_json()
     credentials = first_message["auth"]
     authenticated_sender = await authenticate_websocket_message(credentials)