diff --git a/config/settings/base.py b/config/settings/base.py
index d2af7d8a70eb2cc0e1c072b0de3054b55de25ca8..07538188c7b219578fb4666c1fc799b1cb75598d 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -309,6 +309,9 @@ REST_FRAMEWORK = {
         'event_creation': '1/second',
         'annotation'    : '10/second',
     },
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'events.api.backends.LigoAuthentication',
+    ),
 }
 
 # Location of packages installed by bower
diff --git a/gracedb/events/api/backends.py b/gracedb/events/api/backends.py
new file mode 100644
index 0000000000000000000000000000000000000000..ec1ce23ba46b2ee48afe27e61ecebc0bbbfba836
--- /dev/null
+++ b/gracedb/events/api/backends.py
@@ -0,0 +1,28 @@
+from django.contrib.auth import get_user_model
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import authentication, exceptions
+
+
+UserModel = get_user_model()
+
+# We do not want to handle authentication here because it has already
+# been taken care of by Apache/Shib or Apache/mod_ssl. Moreover the
+# auth middleware has already added a user to the request object. To
+# play well with the django rest framework, we need to pretend like we
+# authenticated the user. Remember that the request object here is a
+# *wrapped* version of the Django request, so we have to dig inside it
+# for the user.
+class LigoAuthentication(authentication.BaseAuthentication):
+    def authenticate(self, request):
+        user = None
+        try:
+            user = request._request.user
+        except:
+            pass
+
+        if isinstance(user, UserModel):
+            return (user, None)
+        else:
+            raise exceptions.AuthenticationFailed(_('Bad user'))
+
+
diff --git a/gracedb/events/api/views.py b/gracedb/events/api/views.py
index 4a657461c7c585b33327f09a1371b026f8b047d1..cf4d806bd1954945c25e0f47f3fcc78399d81acc 100644
--- a/gracedb/events/api/views.py
+++ b/gracedb/events/api/views.py
@@ -28,6 +28,7 @@ from ..forms import CreateEventForm
 from ..permission_utils import user_has_perm, filter_events_for_user, \
     is_external, check_external_file_access
 
+from .backends import LigoAuthentication
 from .throttles import EventCreationThrottle, AnnotationThrottle
 
 from core.vfile import VersionedFile
@@ -83,28 +84,6 @@ import StringIO
 
 use_in(LIGOLWContentHandler)
 
-# 
-# We do not want to handle authentication here because it has already
-# been taken care of by Apache/Shib or Apache/mod_ssl. Moreover the 
-# auth middleware has already added a user to the request object. To
-# play well with the django rest framework, we need to pretend like we
-# authenticated the user. Remember that the request object here is a 
-# *wrapped* version of the Django request, so we have to dig inside it
-# for the user.
-#
-class LigoAuthentication(authentication.BaseAuthentication):
-    def authenticate(self, request):
-        user = None
-        try: 
-            user = request._request.user
-        except:
-            pass                    
-
-        if isinstance(user, User):
-            return (user, None)
-        else:
-            raise exceptions.AuthenticationFailed("Bad user")
-
 #
 # A custom permission class for the EventDetail view. 
 #