diff --git a/index.js b/index.js
index 551044e..d8193b8 100644
--- a/index.js
+++ b/index.js
@@ -14,7 +14,7 @@ const create = () => got.create({
 	methods: got.defaults.methods,
 	handler: (options, next) => {
 		if (options.token) {
-			options.headers.authorization = `token ${options.token}`;
+			options.headers.authorization = options.headers.authorization || `token ${options.token}`;
 		}
 
 		if (options.method && options.method === 'PUT' && !options.body) {
diff --git a/readme.md b/readme.md
index c082d84..74a1445 100644
--- a/readme.md
+++ b/readme.md
@@ -89,6 +89,33 @@ Type: `Object`
 Can be specified as a plain object and will be serialized as JSON with the appropriate headers set.
 
 
+## Authorization
+
+Authorization for GitHub uses the following logic:
+
+1. If `options.headers.authorization` is passed to `gh-got`, then this will be used as first preference.
+2. If `options.token` is provided, then the `authorization` header will be set to `token <options.token>`.
+3. If `options.headers.authorization` and `options.token` are not provided, then the `authorization` header will be set to `token <process.env.GITHUB_TOKEN>`
+
+In most cases, this means you can simply set `GITHUB_TOKEN`, but it also allows it to be overridden by setting `options.token` or `options.headers.authorization` explicitly. For example, if [authenticating as a GitHub App](https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app), you could do the following:
+
+```js
+const ghGot = require(`gh-got`);
+
+(async () => {
+	const options = {
+		headers: {
+			authorization: `Bearer ${jwt}`
+		}
+	};
+	const {body} = await ghGot('app', options);
+
+	console.log(body.name);
+	//=> 'MyApp'
+})();
+```
+
+
 ## License
 
 MIT © [Sindre Sorhus](https://sindresorhus.com)