diff --git a/pykube/http.py b/pykube/http.py
index 88b3573..54c4478 100644
--- a/pykube/http.py
+++ b/pykube/http.py
@@ -86,7 +86,11 @@ def send(self, request, **kwargs):
 
         # setup cluster API authentication
 
-        if "token" in config.user and config.user["token"]:
+        if "Authorization" in request.headers:
+            # request already has some auth header (e.g. Bearer token)
+            # don't modify/overwrite it
+            pass
+        elif "token" in config.user and config.user["token"]:
             request.headers["Authorization"] = "Bearer {}".format(config.user["token"])
         elif "auth-provider" in config.user:
             auth_provider = config.user["auth-provider"]
diff --git a/tests/test_http.py b/tests/test_http.py
index 68017bc..d25b7e7 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -47,3 +47,18 @@ def test_http_insecure_skip_tls_verify(monkeypatch):
     mock_send.assert_called_once()
     # check that SSL is not verified
     assert not mock_send.call_args[1]['verify']
+
+
+def test_http_do_not_overwrite_auth(monkeypatch):
+    cfg = KubeConfig.from_file(GOOD_CONFIG_FILE_PATH)
+    api = HTTPClient(cfg)
+
+    mock_send = MagicMock()
+    mock_send.side_effect = Exception('MOCK HTTP')
+    monkeypatch.setattr('pykube.http.KubernetesHTTPAdapter._do_send', mock_send)
+
+    with pytest.raises(Exception):
+        api.get(url='test', headers={'Authorization': 'Bearer testtoken'})
+
+    mock_send.assert_called_once()
+    assert mock_send.call_args[0][0].headers['Authorization'] == 'Bearer testtoken'