diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index d4592dae23af..9e27317199d1 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -80,6 +80,10 @@ class Authenticate
             if (! $authenticated && $contact && ! $contact->password) {
                 $authenticated = true;
             }
+
+            if (env('PHANTOMJS_SECRET') && $request->phantomjs_secret && hash_equals(env('PHANTOMJS_SECRET'), $request->phantomjs_secret)) {
+                $authenticated = true;
+            }
         }
 
         if (! $authenticated) {
diff --git a/app/Models/Invoice.php b/app/Models/Invoice.php
index bf6065fd8f23..75a1649b2c4e 100644
--- a/app/Models/Invoice.php
+++ b/app/Models/Invoice.php
@@ -1221,7 +1221,7 @@ class Invoice extends EntityModel implements BalanceAffecting
 
         try {
             if (env('PHANTOMJS_BIN_PATH')) {
-                $pdfString = CurlUtils::phantom('GET', $link . '?phantomjs=true');
+                $pdfString = CurlUtils::phantom('GET', $link . '?phantomjs=true&phantomjs_secret=' . env('PHANTOMJS_SECRET'));
             } elseif ($key = env('PHANTOMJS_CLOUD_KEY')) {
                 if (Utils::isNinjaDev()) {
                     $link = env('TEST_LINK');