diff --git a/src/scripts/backupapp.sh b/src/scripts/backupapp.sh
index da62b9139..8d9d5da16 100755
--- a/src/scripts/backupapp.sh
+++ b/src/scripts/backupapp.sh
@@ -23,7 +23,7 @@ app_id="$1"
 backup_url="$2"
 backup_config_url="$3"
 backup_key="$4"
-session_token="$5"
+session_token="$5" # unused since it seems to be part of the url query param in v4 signature
 readonly now=$(date "+%Y-%m-%dT%H:%M:%S")
 readonly app_data_dir="${DATA_DIR}/${app_id}"
 readonly app_data_snapshot="${DATA_DIR}/snapshots/${app_id}-${now}"
@@ -36,11 +36,6 @@ for try in `seq 1 5`; do
 
     headers=("-H" "Content-Type:")
 
-    # federated tokens in CaaS case need session token
-    if [ ! -z "$session_token" ]; then
-        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
-    fi
-
     if tar -cvzf - -C "${app_data_snapshot}" . \
            | openssl aes-256-cbc -e -pass "pass:${backup_key}" \
            | curl --fail -X PUT ${headers[@]} --data-binary @- "${backup_url}" 2>"${error_log}"; then
@@ -60,11 +55,6 @@ for try in `seq 1 5`; do
 
     headers=("-H" "Content-Type:")
 
-    # federated tokens in CaaS case need session token
-    if [ ! -z "$session_token" ]; then
-        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
-    fi
-
     if cat "${app_data_snapshot}/config.json" \
            | curl --fail -X PUT ${headers[@]} --data @- "${backup_config_url}" 2>"${error_log}"; then
         break
diff --git a/src/scripts/restoreapp.sh b/src/scripts/restoreapp.sh
index 702a6f443..00d05d430 100755
--- a/src/scripts/restoreapp.sh
+++ b/src/scripts/restoreapp.sh
@@ -23,7 +23,7 @@ readonly curl="curl --fail --connect-timeout 20 --retry 10 --retry-delay 2 --max
 app_id="$1"
 restore_url="$2"
 restore_key="$3"
-session_token="$4"
+session_token="$4" # unused since it seems to be part of the url query param in v4 signature
 
 echo "Downloading backup: ${restore_url} and key: ${restore_key}"
 
@@ -33,11 +33,6 @@ for try in `seq 1 5`; do
 
     headers=("") # empty element required (http://stackoverflow.com/questions/7577052/bash-empty-array-expansion-with-set-u)
 
-    # federated tokens in CaaS case need session token
-    if [[ ! -z "${session_token}" ]]; then
-        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
-    fi
-
     if $curl -L "${headers[@]}" "${restore_url}" \
         | openssl aes-256-cbc -d -pass "pass:${restore_key}" \
         | tar -zxf - -C "${DATA_DIR}/${app_id}" 2>"${error_log}"; then