diff --git a/lib/expressapp.js b/lib/expressapp.js
index 0dec65d..508acfc 100644
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
@@ -38,7 +38,7 @@ ExpressApp.prototype.start = function(opts, cb) {
   this.app.use(function(req, res, next) {
     res.setHeader('Access-Control-Allow-Origin', '*');
     res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
-    res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-client-version,X-Requested-With,Content-Type,Authorization');
+    res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-session,x-client-version,X-Requested-With,Content-Type,Authorization');
     res.setHeader('x-service-version', WalletService.getServiceVersion());
     next();
   });
@@ -125,6 +125,7 @@ ExpressApp.prototype.start = function(opts, cb) {
     return {
       copayerId: identity,
       signature: req.header('x-signature'),
+      session: req.header('x-session'),
     };
   };
 
@@ -135,7 +136,13 @@ ExpressApp.prototype.start = function(opts, cb) {
     return WalletService.getInstance(opts);
   };
 
-  function getServerWithAuth(req, res, cb) {
+  function getServerWithAuth(req, res, opts, cb) {
+    if (_.isFunction(opts)) {
+      cb = opts;
+      opts = {};
+    }
+    opts = opts || {};
+
     var credentials = getCredentials(req);
     if (!credentials)
       return returnError(new WalletService.ClientError({
@@ -148,6 +155,9 @@ ExpressApp.prototype.start = function(opts, cb) {
       signature: credentials.signature,
       clientVersion: req.header('x-client-version'),
     };
+    if (opts.allowSession) {
+      auth.session = credentials.session;
+    }
     WalletService.getInstanceWithAuth(auth, function(err, server) {
       if (err) return returnError(err, res, req);
 
@@ -555,10 +565,10 @@ ExpressApp.prototype.start = function(opts, cb) {
   });
 
   router.get('/v1/notifications/', function(req, res) {
-    getServerWithAuth(req, res, function(server) {
+    getServerWithAuth(req, res, {
+      allowSession: true,
+    }, function(server) {
       var timeSpan = req.query.timeSpan ? Math.min(+req.query.timeSpan || 0, Defaults.MAX_NOTIFICATIONS_TIMESPAN) : Defaults.NOTIFICATIONS_TIMESPAN;
-
-
       var opts = {
         minTs: +Date.now() - (timeSpan * 1000),
         notificationId: req.query.notificationId,