diff --git a/src/dns/hetzner.js b/src/dns/hetzner.js
index 4dccd94b1..e3afa2805 100644
--- a/src/dns/hetzner.js
+++ b/src/dns/hetzner.js
@@ -20,8 +20,7 @@ const assert = require('node:assert'),
     superagent = require('@cloudron/superagent'),
     waitForDns = require('./waitfordns.js');
 
-// const ENDPOINT = 'https://dns.hetzner.com/api/v1';
-const ENDPOINT = 'https://api.hetzner.cloud/v1';
+const ENDPOINT = 'https://dns.hetzner.com/api/v1';
 
 function formatError(response) {
     return `Hetzner DNS error ${response.status} ${response.text}`;
@@ -41,7 +40,7 @@ async function getZone(domainConfig, zoneName) {
     assert.strictEqual(typeof zoneName, 'string');
 
     const [error, response] = await safe(superagent.get(`${ENDPOINT}/zones`)
-        .set('Authorization', `Bearer ${domainConfig.token}`)
+        .set('Auth-API-Token', domainConfig.token)
         .query({ search_name: zoneName })
         .timeout(30 * 1000)
         .retry(5)
@@ -71,8 +70,7 @@ async function getZoneRecords(domainConfig, zone, name, type) {
 
     while (true) {
         const [error, response] = await safe(superagent.get(`${ENDPOINT}/records`)
-            .set('Authorization', `Bearer ${domainConfig.token}`)
-            // .set('Auth-API-Token', domainConfig.token)
+            .set('Auth-API-Token', domainConfig.token)
             .query({ zone_id: zone.id, page, per_page: perPage })
             .timeout(30 * 1000)
             .retry(5)
@@ -124,8 +122,7 @@ async function upsert(domainObject, location, type, values) {
 
         if (i >= records.length) {
             const [error, response] = await safe(superagent.post(`${ENDPOINT}/records`)
-        .set('Authorization', `Bearer ${domainConfig.token}`)
-                // .set('Auth-API-Token', domainConfig.token)
+                .set('Auth-API-Token', domainConfig.token)
                 .send(data)
                 .timeout(30 * 1000)
                 .retry(5)
@@ -137,8 +134,7 @@ async function upsert(domainObject, location, type, values) {
             if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
         } else {
             const [error, response] = await safe(superagent.put(`${ENDPOINT}/records/${records[i].id}`)
-        .set('Authorization', `Bearer ${domainConfig.token}`)
-                // .set('Auth-API-Token', domainConfig.token)
+                .set('Auth-API-Token', domainConfig.token)
                 .send(data)
                 .timeout(30 * 1000)
                 .retry(5)
@@ -155,8 +151,7 @@ async function upsert(domainObject, location, type, values) {
 
     for (let j = values.length + 1; j < records.length; j++) {
         const [error] = await safe(superagent.del(`${ENDPOINT}/records/${records[j].id}`)
-        .set('Authorization', `Bearer ${domainConfig.token}`)
-            // .set('Auth-API-Token', domainConfig.token)
+            .set('Auth-API-Token', domainConfig.token)
             .timeout(30 * 1000)
             .retry(5)
             .ok(() => true));
@@ -201,8 +196,7 @@ async function del(domainObject, location, type, values) {
 
     for (const r of matchingRecords) {
         const [error, response] = await safe(superagent.del(`${ENDPOINT}/records/${r.id}`)
-        .set('Authorization', `Bearer ${domainConfig.token}`)
-            // .set('Auth-API-Token', domainConfig.token)
+            .set('Auth-API-Token', domainConfig.token)
             .timeout(30 * 1000)
             .retry(5)
             .ok(() => true));