diff --git a/src/Eurofurence.App.Server.Web/Controllers/CommunicationController.cs b/src/Eurofurence.App.Server.Web/Controllers/CommunicationController.cs
index b46d59a..6676f45 100644
--- a/src/Eurofurence.App.Server.Web/Controllers/CommunicationController.cs
+++ b/src/Eurofurence.App.Server.Web/Controllers/CommunicationController.cs
@@ -85,7 +85,7 @@ public async Task MarkMyPrivateMessageAsReadAsync(
 /// with the same recipient uid, it will push a toast message to those devices.
 /// The toast message content is defined by the `ToastTitle` and `ToastMessage` properties.
 ///
- ///
+ ///
 /// The `Id` of the message that has been delivered.
 /// Unable to parse `Request`
 [Authorize(AuthenticationSchemes = $"{ApiKeyAuthenticationDefaults.AuthenticationScheme},{OAuth2IntrospectionDefaults.AuthenticationScheme}", Roles = "Admin,PrivateMessageSender")]
@@ -93,18 +93,19 @@ public async Task MarkMyPrivateMessageAsReadAsync(
 [HttpPost("PrivateMessages/:byRegistrationId")]
 [ProducesResponseType(typeof(Guid), 200)]
 public async Task SendPrivateMessageAsync(
- [FromBody] SendPrivateMessageByRegSysRequest Request,
+ [FromBody] SendPrivateMessageByRegSysRequest request,
 CancellationToken cancellationToken = default)
 {
- if (Request == null) return BadRequest();
+ if (request == null) return BadRequest();
 
- if (User.IsInRole("Attendee"))
+ // Only admins may set the AuthorName via the API
+ if (!User.IsInRole("Admin") || string.IsNullOrWhiteSpace(request.AuthorName))
 {
- Request.AuthorName = User.GetName();
+ request.AuthorName = User.GetName();
 }
 
 return Json(await _privateMessageService.SendPrivateMessageAsync(
- Request,
+ request,
 User.GetSubject(),
 cancellationToken
 ));
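Review bot: The new fallback `request.AuthorName = User.GetName();` now fires for every non-admin caller, including PrivateMessageSender API keys, while the ApiKeyAuthenticationHandler hunk in this same commit moves the API-key principal's name from `ClaimTypes.Name` to a bare `"name"` claim; unless `User.GetName()` resolves that claim type (its implementation is not in the diff), API-key senders would end up with a null AuthorName, which is worth pinning with a test. The same construct appears in the SendPrivateMessageIdentityAsync hunk below. The comment understates the condition, since an admin who sends a blank AuthorName is overridden as well; `// Non-admins never pick AuthorName; admins fall back to their own name when it is blank` says what the guard actually does. The parameter rename also leaves the unchanged doc line "Unable to parse `Request`" naming the old parameter.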
@@ -118,25 +119,26 @@ public async Task SendPrivateMessageAsync(
 /// with the same recipient uid, it will push a toast message to those devices.
 /// The toast message content is defined by the `ToastTitle` and `ToastMessage` properties.
 ///
- ///
+ ///
 /// The `Id` of the message that has been delivered.
 /// Unable to parse `Request`
 [Authorize(AuthenticationSchemes = $"{ApiKeyAuthenticationDefaults.AuthenticationScheme},{OAuth2IntrospectionDefaults.AuthenticationScheme}", Roles = "Admin,PrivateMessageSender")]
 [HttpPost("PrivateMessages/:byIdentityId")]
 [ProducesResponseType(typeof(Guid), 200)]
 public async Task SendPrivateMessageIdentityAsync(
- [FromBody] SendPrivateMessageByIdentityRequest Request,
+ [FromBody] SendPrivateMessageByIdentityRequest request,
 CancellationToken cancellationToken = default)
 {
- if (Request == null) return BadRequest();
+ if (request == null) return BadRequest();
 
- if (User.IsInRole("Attendee"))
+ // Only admins may set the AuthorName via the API
+ if (!User.IsInRole("Admin") || string.IsNullOrWhiteSpace(request.AuthorName))
 {
- Request.AuthorName = User.GetName();
+ request.AuthorName = User.GetName();
 }
 
 return Json(await _privateMessageService.SendPrivateMessageAsync(
- Request,
+ request,
 User.GetSubject(),
 cancellationToken
 ));
diff --git a/src/Eurofurence.App.Server.Web/Identity/ApiKeyAuthenticationHandler.cs b/src/Eurofurence.App.Server.Web/Identity/ApiKeyAuthenticationHandler.cs
index 66896a8..f7ca4c4 100644
--- a/src/Eurofurence.App.Server.Web/Identity/ApiKeyAuthenticationHandler.cs
+++ b/src/Eurofurence.App.Server.Web/Identity/ApiKeyAuthenticationHandler.cs
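Review bot: The AuthorName rule is now copied verbatim between SendPrivateMessageAsync and SendPrivateMessageIdentityAsync, so any future tightening of who may impersonate an author has to be made in two places; a small helper keeps the authorization decision in one spot, `private string ResolveAuthorName(string authorName) => !User.IsInRole("Admin") || string.IsNullOrWhiteSpace(authorName) ? User.GetName() : authorName;` with each action reduced to `request.AuthorName = ResolveAuthorName(request.AuthorName);`. The role name "Admin" is also repeated as a literal here and in the Authorize attribute's Roles list; a shared constant would keep the two from drifting apart.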
@@ -24,12 +24,13 @@ protected override Task HandleAuthenticateAsync() if (Options.ApiKeys.FirstOrDefault(apiKey => apiKey.Key == requestApiKey && DateTime.Now.CompareTo(apiKey.ValidUntil) <= 0) is { } apiKeyOptions) { - Logger.LogInformation($"Configured API key for {apiKeyOptions.PrincipalName} with roles {string.Join(',', apiKeyOptions.Roles)} valid until {apiKeyOptions.ValidUntil}."); + Logger.LogInformation($"Matched API key for {apiKeyOptions.PrincipalName} with roles {string.Join(',', apiKeyOptions.Roles)} valid until {apiKeyOptions.ValidUntil}."); var claims = new List { - new Claim(ClaimTypes.Name, apiKeyOptions.PrincipalName), - new Claim("sub", apiKeyOptions.PrincipalName) + new Claim("name", apiKeyOptions.PrincipalName), + new Claim("sub", $"{ApiKeyAuthenticationDefaults.AuthenticationScheme}:{apiKeyOptions.PrincipalName}"), + new Claim(ClaimTypes.Role, ApiKeyAuthenticationDefaults.AuthenticationScheme) }; foreach (var role in apiKeyOptions.Roles)