diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
index 5c66679..22dab2b 100644
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@@ -88,7 +88,9 @@ class API
         $data = $this->externalPaths[$basePath][$subPath];
         if (isset($data['validator'])) {
             $method = [$data['validator'], 'validateToken'];
-            return $method($request, $data['token']);
+            if ($method($request, $data['token'])) {
+                return true;
+            }
         }
         if (isset($data['header']) and $request->hasHeader($data['header'])) {
             $token = $request->getHeaderLine($data['header']);
diff --git a/app/src/Service/Venta/MediosPago/Toku.php b/app/src/Service/Venta/MediosPago/Toku.php
index 6b58df3..460c595 100644
--- a/app/src/Service/Venta/MediosPago/Toku.php
+++ b/app/src/Service/Venta/MediosPago/Toku.php
@@ -397,7 +397,14 @@ class Toku extends Ideal\Service
 
     public static function validateToken(ServerRequestInterface $request, string $token): bool
     {
-        $tokenHeader = json_decode($request->getHeaderLine('token'));
-        return strtolower($tokenHeader->header) === 'x-api-key' and $tokenHeader->token === $token;
+        $tokenHeader = $request->getHeader('token');
+        if (is_array($tokenHeader)) {
+            $tokenHeader = $tokenHeader[0];
+        }
+        $json = json_decode($tokenHeader, true);
+        if ($json !== null) {
+            $tokenHeader = $json;
+        }
+        return strtolower($tokenHeader['header']) === 'x-api-key' and $tokenHeader['token'] === $token;
     }
 }