diff --git a/apps/server/src/modules/server/server.config.ts b/apps/server/src/modules/server/server.config.ts
index 6d80e20d2ce..615b80cfa8e 100644
--- a/apps/server/src/modules/server/server.config.ts
+++ b/apps/server/src/modules/server/server.config.ts
@@ -31,8 +31,8 @@ export enum NodeEnvType {
 	MIGRATION = 'migration',
 }
 
-// Envirement keys should be added over configs from modules, directly adding is only allow for legacy stuff
-// Maye some of them must be outsource to additional microservice config endpoints.
+// Environment keys should be added over configs from modules, directly adding is only allow for legacy stuff
+// Maye some of them must be outsourced to additional microservice config endpoints.
 export interface ServerConfig
 	extends CoreModuleConfig,
 		UserConfig,
@@ -168,9 +168,10 @@ const config: ServerConfig = {
 	FEATURE_IDENTITY_MANAGEMENT_LOGIN_ENABLED: Configuration.get('FEATURE_IDENTITY_MANAGEMENT_LOGIN_ENABLED') as boolean,
 	STUDENT_TEAM_CREATION: Configuration.get('STUDENT_TEAM_CREATION') as string,
 	SYNCHRONIZATION_CHUNK: Configuration.get('SYNCHRONIZATION_CHUNK') as number,
+	// parse [<description>:]<token>,[<description>:]<token>... and  discard description
 	ADMIN_API__ALLOWED_API_KEYS: (Configuration.get('ADMIN_API__ALLOWED_API_KEYS') as string)
 		.split(',')
-		.map((apiKey) => apiKey.trim()),
+		.map((part) => (part.split(':').pop() ?? '').trim()),
 	BLOCKLIST_OF_EMAIL_DOMAINS: (Configuration.get('BLOCKLIST_OF_EMAIL_DOMAINS') as string)
 		.split(',')
 		.map((domain) => domain.trim()),
diff --git a/config/default.schema.json b/config/default.schema.json
index 4c0769f8471..369af56d2bc 100644
--- a/config/default.schema.json
+++ b/config/default.schema.json
@@ -1344,7 +1344,7 @@
 				},
 				"ALLOWED_API_KEYS": {
 					"type": "string",
-					"description": "Allowed Admin API keys (for accessing the Admin API)."
+					"description": "Allowed Admin API keys (for accessing the Admin API). - A comma seperated list of strings where description is optional e.g. [<description>:]<token>,[<description>:]<token>"
 				}
 			},
 			"default": {
diff --git a/config/test.json b/config/test.json
index 48c2a9c8119..e5134aef008 100644
--- a/config/test.json
+++ b/config/test.json
@@ -84,7 +84,7 @@
 		"CLIENT_ID": "schulcloud",
 		"CLIENT_SECRET": "secret"
 	},
-	"ADMIN_API": { "ALLOWED_API_KEYS": "thisistheadminapitokeninthetestconfig" },
+	"ADMIN_API": { "ALLOWED_API_KEYS": "onlyusedintests:thisistheadminapitokeninthetestconfig,someotherkey" },
 	"EXIT_ON_ERROR": false,
 	"TEACHER_STUDENT_VISIBILITY": {
 		"IS_CONFIGURABLE": false,