diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 402908c57e3..4adac3feace 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -440,7 +440,7 @@ private AuthenticatedUser getAuthenticatedUserFromSignedUrl() {
         //ToDo - add null checks/ verify that calling methods catch things.
         String user = httpRequest.getParameter("user");
         AuthenticatedUser targetUser = authSvc.getAuthenticatedUser(user);
-        String key = authSvc.findApiTokenByUser(targetUser).getTokenString();
+        String key = System.getProperty(SystemConfig.API_SIGNING_SECRET,"") + authSvc.findApiTokenByUser(targetUser).getTokenString();
         String signedUrl = httpRequest.getRequestURL().toString();
         String method = httpRequest.getMethod();
         
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 4ab542b469c..f0546aaca30 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2088,7 +2088,7 @@ public Response getSignedUrl(JsonObject urlInfo) throws WrappedResponse {
             userId=superuser.getIdentifier();
             //We ~know this exists - the superuser just used it and it was unexpired/not disabled. (ToDo - if we want this to work with workflow tokens (or as a signed URL, we should do more checking as for the user above))
         }
-            key =  authSvc.findApiTokenByUser(superuser).getTokenString();
+            key =  System.getProperty(SystemConfig.API_SIGNING_SECRET,"") + authSvc.findApiTokenByUser(superuser).getTokenString();
         }
         if(key==null) {
             return error(Response.Status.CONFLICT, "Do not have a valid user with apiToken");
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index 6ea63e2b51f..3c7f05bec1e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -124,6 +124,11 @@ public class SystemConfig {
     public final static String DEFAULTCURATIONLABELSET = "DEFAULT";
     public final static String CURATIONLABELSDISABLED = "DISABLED";
     
+    // A secret used in signing URLs - individual urls are signed using this and the
+    // intended user's apiKey, creating an aggregate key that is unique to the user
+    // but not known to the user (as their apiKey is)
+    public final static String API_SIGNING_SECRET = "dataverse.api-signing-secret;";
+    
     public String getVersion() {
         return getVersion(false);
     }