diff --git a/src/appstore.js b/src/appstore.js
index c9db26771..5295bb5bb 100644
--- a/src/appstore.js
+++ b/src/appstore.js
@@ -20,7 +20,6 @@ exports = module.exports = {
     purchaseApp,
     unpurchaseApp,
 
-    getWebToken,
     getSubscription,
     isFreePlan,
 
@@ -124,15 +123,6 @@ async function registerUser(email, password) {
     if (response.status !== 201) throw new BoxError(BoxError.EXTERNAL_ERROR, `Registration error. invalid response: ${response.status}`);
 }
 
-async function getWebToken() {
-    if (constants.DEMO) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
-
-    const token = await settings.set(settings.APPSTORE_WEB_TOKEN_KEY);
-    if (!token) throw new BoxError(BoxError.NOT_FOUND); // user will have to re-login with password somehow
-
-    return token;
-}
-
 async function getSubscription() {
     const token = await settings.get(settings.APPSTORE_API_TOKEN_KEY);
     if (!token) throw new BoxError(BoxError.LICENSE_ERROR, 'Missing token');
@@ -312,7 +302,6 @@ async function registerCloudron(data) {
 
     await settings.set(settings.CLOUDRON_ID_KEY, response.body.cloudronId);
     await settings.set(settings.APPSTORE_API_TOKEN_KEY, response.body.cloudronToken);
-    await settings.set(settings.APPSTORE_WEB_TOKEN_KEY, accessToken);
 
     debug(`registerCloudron: Cloudron registered with id ${response.body.cloudronId}`);
 }
@@ -372,7 +361,6 @@ async function registerCloudronWithLogin(options) {
 async function unregister() {
     await settings.set(settings.CLOUDRON_ID_KEY, '');
     await settings.set(settings.APPSTORE_API_TOKEN_KEY, '');
-    await settings.set(settings.APPSTORE_WEB_TOKEN_KEY, '');
 }
 
 async function createTicket(info, auditSource) {
diff --git a/src/routes/appstore.js b/src/routes/appstore.js
index 002e2a7ba..4a398b925 100644
--- a/src/routes/appstore.js
+++ b/src/routes/appstore.js
@@ -5,7 +5,6 @@ exports = module.exports = {
     getApp,
     getAppVersion,
 
-    getWebToken,
     registerCloudronWithSetupToken,
     registerCloudronWithLogin,
     getSubscription
@@ -46,13 +45,6 @@ async function getAppVersion(req, res, next) {
     next(new HttpSuccess(200, manifest));
 }
 
-async function getWebToken(req, res, next) {
-    const [error, accessToken] = await safe(appstore.getWebToken());
-    if (error) return next(BoxError.toHttpError(error));
-
-    next(new HttpSuccess(200, { accessToken }));
-}
-
 async function registerCloudronWithSetupToken(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
diff --git a/src/routes/test/appstore-test.js b/src/routes/test/appstore-test.js
index a9dd8725e..865693ba5 100644
--- a/src/routes/test/appstore-test.js
+++ b/src/routes/test/appstore-test.js
@@ -106,7 +106,6 @@ describe('Appstore Cloudron Registration API - existing user', function () {
         expect(scope2.isDone()).to.be.ok();
         expect(scope3.isDone()).to.be.ok();
         expect(await settings.get(settings.APPSTORE_API_TOKEN_KEY)).to.be('CLOUDRON_TOKEN');
-        expect(await settings.get(settings.APPSTORE_WEB_TOKEN_KEY)).to.be('SECRET_TOKEN');
         nock.cleanAll();
     });
 
@@ -154,7 +153,6 @@ describe('Appstore Cloudron Registration API - new user signup', function () {
         expect(scope2.isDone()).to.be.ok();
         expect(scope3.isDone()).to.be.ok();
         expect(await settings.get(settings.APPSTORE_API_TOKEN_KEY)).to.be('CLOUDRON_TOKEN');
-        expect(await settings.get(settings.APPSTORE_WEB_TOKEN_KEY)).to.be('SECRET_TOKEN');
     });
 
     it('can get subscription', async function () {
diff --git a/src/server.js b/src/server.js
index ae622d02b..d8eb92f45 100644
--- a/src/server.js
+++ b/src/server.js
@@ -221,7 +221,6 @@ async function initializeExpressSync() {
     // appstore and subscription routes
     router.post('/api/v1/appstore/register_cloudron',                    json, token, authorizeOwner, routes.appstore.registerCloudronWithLogin);
     router.post('/api/v1/appstore/register_cloudron_with_setup_token',   json, token, authorizeOwner, routes.appstore.registerCloudronWithSetupToken);
-    router.get ('/api/v1/appstore/web_token',                            json, token, authorizeOwner, routes.appstore.getWebToken);
     router.get ('/api/v1/appstore/subscription',                               token, authorizeUser,  routes.appstore.getSubscription); // for all users
     router.get ('/api/v1/appstore/apps',                                       token, authorizeAdmin, routes.appstore.getApps);
     router.get ('/api/v1/appstore/apps/:appstoreId',                           token, authorizeAdmin, routes.appstore.getApp);
diff --git a/src/settings.js b/src/settings.js
index c35eec1a3..dd216277c 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -11,7 +11,6 @@ exports = module.exports = {
     setBlob,
 
     APPSTORE_API_TOKEN_KEY: 'appstore_api_token',
-    APPSTORE_WEB_TOKEN_KEY: 'appstore_web_token',
     API_SERVER_ORIGIN_KEY: 'api_server_origin',
     AUTOUPDATE_PATTERN_KEY: 'autoupdate_pattern',
     BACKUP_STORAGE_KEY: 'backup_storage',