diff --git a/tests/federation/node_pairing_test.go b/tests/federation/node_pairing_test.go
index 44bf17641..47cd6c5c4 100644
--- a/tests/federation/node_pairing_test.go
+++ b/tests/federation/node_pairing_test.go
@@ -148,6 +148,9 @@ func TestSuccessfulNodePairing(t *testing.T) {
 			init: func(ctx context.Context, n *types.Node, authToken string) error {
 				h.apiInit().
 					//Debug().
+					// make sure we do not use test auth-token for authentication but
+					// we do it with pairing token
+					Intercept(helpers.ReqHeaderAuthBearer(nil)).
 					Post(fmt.Sprintf("/nodes/%d/handshake", n.SharedNodeID)).
 					FormData("pairToken", n.PairToken).
 					FormData("authToken", authToken).
@@ -181,6 +184,9 @@ func TestSuccessfulNodePairing(t *testing.T) {
 			complete: func(ctx context.Context, n *types.Node, authToken string) error {
 				h.apiInit().
 					//Debug().
+					// make sure we do not use test auth-token but
+					// one provided to us in the initial handshake step
+					Intercept(helpers.ReqHeaderRawAuthBearer(n.AuthToken)).
 					Post(fmt.Sprintf("/nodes/%d/handshake-complete", n.SharedNodeID)).
 					FormData("authToken", authToken).
 					Expect(t).
diff --git a/tests/helpers/auth.go b/tests/helpers/auth.go
index d9c0553aa..6813a43fe 100644
--- a/tests/helpers/auth.go
+++ b/tests/helpers/auth.go
@@ -19,6 +19,16 @@ func BindAuthMiddleware(r chi.Router) {
 
 func ReqHeaderAuthBearer(user *types.User) apitest.Intercept {
 	return func(req *http.Request) {
-		req.Header.Set("Authorization", "Bearer "+auth.DefaultJwtHandler.Encode(user))
+		if user == nil {
+			req.Header.Del("Authorization")
+		} else {
+			req.Header.Set("Authorization", "Bearer "+auth.DefaultJwtHandler.Encode(user))
+		}
+	}
+}
+
+func ReqHeaderRawAuthBearer(token string) apitest.Intercept {
+	return func(req *http.Request) {
+		req.Header.Set("Authorization", "Bearer "+token)
 	}
 }