diff --git a/includes/class-access-control.php b/includes/class-access-control.php
index ed91d2ca..ac1f73bb 100644
--- a/includes/class-access-control.php
+++ b/includes/class-access-control.php
@@ -349,4 +349,45 @@ public function option_comment_whitelist( $value ) {
 }
 return $value;
 }
+
+ public static function check_browser_api_key( $key ) {
+ $parts = explode( '-', $key, 3 );
+ if ( 3 !== count( $parts ) ) {
+ return false;
+ }
+
+ $user_id = (int) $parts[1];
+ if ( ! $user_id ) {
+ return false;
+ }
+
+ $desired_key = self::get_browser_api_key( $user_id );
+ if ( ! $desired_key ) {
+ return false;
+ }
+
+ return $key === $desired_key;
+ }
+
+ public static function revoke_browser_api_key( $user_id = false ) {
+ if ( ! $user_id ) {
+ $user_id = get_current_user_id();
+ }
+
+ delete_user_option( $user_id, 'friends_browser_api_key' );
+ }
+
+ public static function get_browser_api_key( $user_id = false ) {
+ if ( ! $user_id ) {
+ $user_id = get_current_user_id();
+ }
+
+ $key = get_user_option( 'friends_browser_api_key', $user_id );
+ if ( ! $key ) {
+ $key = 'friends-' . $user_id . '-' . wp_generate_password( 32, false );
+ update_user_option( $user_id, 'friends_browser_api_key', $key );
+ }
+
+ return $key;
+ }
 }
diff --git a/includes/class-admin.php b/includes/class-admin.php
index 164ebb2a..1650794d 100644
--- a/includes/class-admin.php
+++ b/includes/class-admin.php
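Review bot: `check_browser_api_key` resolves `$desired_key` through `self::get_browser_api_key( $user_id )`, and that getter creates and persists a fresh key whenever none is stored, so a failed check carrying an arbitrary numeric id has the side effect of writing `friends_browser_api_key` user meta for that id; a verifier's lookup should be read-only via `get_user_option`. The final `return $key === $desired_key;` compares a secret with an early-exit string comparison; `hash_equals( $desired_key, $key )` is the idiom for that and is what the rest of WordPress uses for token checks. `explode( '-', $key, 3 )` also assumes `$key` is a string, and the class-rest.php hunk passes `$request->get_param( 'key' )` through unchanged, so an array value would presumably raise a TypeError on PHP 8 instead of failing closed; an `is_string` guard at the top covers that. Only the lines below change; `get_browser_api_key` can keep its create-on-read behaviour for the admin screen.
```php
	public static function check_browser_api_key( $key ) {
		if ( ! is_string( $key ) || '' === $key ) {
			return false;
		}
		// … unchanged: explode into 3 parts and derive $user_id …
		// Read-only lookup: a failed check must never mint and store a key.
		$desired_key = get_user_option( 'friends_browser_api_key', $user_id );
		if ( ! $desired_key ) {
			return false;
		}
		return hash_equals( $desired_key, $key );
	}
```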
@@ -2754,19 +2754,15 @@ function ( $menu ) {
 )
 );
 $this->check_admin_settings();
- $browser_api_key = get_option( 'friends_browser_api_key' );
+ $browser_api_key = Access_Control::get_browser_api_key();
 if ( isset( $_POST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'friends-browser-extension' ) ) {
 if ( isset( $_POST['revoke-api-key'] ) ) {
- $browser_api_key = false;
+ Access_Control::revoke_browser_api_key();
+ $browser_api_key = Access_Control::get_browser_api_key();
 }
 }
- if ( ! $browser_api_key ) {
- $browser_api_key = wp_generate_password( 32, false );
- update_option( 'friends_browser_api_key', $browser_api_key );
- }
-
 Friends::template_loader()->get_template_part(
 'admin/browser-extension',
 null,
diff --git a/includes/class-rest.php b/includes/class-rest.php
index 34989f0b..bf42aebb 100644
--- a/includes/class-rest.php
+++ b/includes/class-rest.php
@@ -678,7 +678,7 @@ public function rest_extension( $request ) {
 );
 if ( 'POST' === $request->get_method() && $request->get_param( 'key' ) ) {
- if ( $request->get_param( 'key' ) === get_option( 'friends_browser_api_key' ) ) {
+ if ( Access_Control::check_browser_api_key( $request->get_param( 'key' ) ) ) {
 $return = apply_filters( 'friends_browser_extension_rest_info', $return );
 } else {
 $return['error'] = 'Invalid API key';
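Review bot: The site-wide `friends_browser_api_key` option that the removed `get_option`/`update_option` lines maintained is no longer read anywhere in this diff, but nothing deletes it either, so a previously issued secret keeps sitting in the options table after it stopped being honoured. Add `delete_option( 'friends_browser_api_key' );` next to the switch to per-user keys, and note in the changelog that existing browser-extension keys are invalidated and must be re-entered. The revoke path checks the nonce before acting, so only the cleanup and the migration note are missing. The enclosing method starts and ends outside the hunk.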