diff --git a/app/models/key.rb b/app/models/key.rb
index 80ffe5f..76da4dd 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -4,4 +4,10 @@ class Key < ActiveRecord::Base
   has_secure_token :token
 
   validates :name, presence: true
+
+  class << self
+    def authenticate token
+      find_by_token token
+    end
+  end
 end
diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb
index 0f0cfbf..05775e7 100644
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@@ -9,4 +9,20 @@ describe Key do
     key.save
     expect(key.token).to match /\A[\w\d]{24,}\z/
   end
+
+  describe '.authenticate' do
+    context 'when given token belong to existing key' do
+      before { key.save }
+
+      it 'returns the key' do
+        expect(described_class.authenticate key.token).to eq key
+      end
+    end
+
+    context 'when given token is unknown' do
+      it 'returns nil' do
+        expect(described_class.authenticate key.token).to be nil
+      end
+    end
+  end
 end