diff --git a/Gemfile.lock b/Gemfile.lock
index 82e43ea..9c895ad 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,22 +1,22 @@
 PATH
   remote: .
   specs:
-    ruby-pardot (1.1.0)
-      crack
-      httparty
+    ruby-pardot (1.3.2)
+      crack (= 0.4.3)
+      httparty (= 0.13.1)
 
 GEM
   remote: http://rubygems.org/
   specs:
-    crack (0.4.2)
+    crack (0.4.3)
       safe_yaml (~> 1.0.0)
     diff-lcs (1.1.2)
     fakeweb (1.3.0)
     httparty (0.13.1)
       json (~> 1.8)
       multi_xml (>= 0.5.2)
-    json (1.8.3)
-    multi_xml (0.5.5)
+    json (1.8.6)
+    multi_xml (0.6.0)
     rspec (2.5.0)
       rspec-core (~> 2.5.0)
       rspec-expectations (~> 2.5.0)
@@ -25,7 +25,7 @@ GEM
     rspec-expectations (2.5.0)
       diff-lcs (~> 1.1.2)
     rspec-mocks (2.5.0)
-    safe_yaml (1.0.4)
+    safe_yaml (1.0.5)
 
 PLATFORMS
   ruby
@@ -37,4 +37,4 @@ DEPENDENCIES
   ruby-pardot!
 
 BUNDLED WITH
-   1.11.2
+   2.0.2
diff --git a/README.rdoc b/README.rdoc
index b8bd251..0c7891d 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -20,6 +20,7 @@ The client will authenticate before performing other API calls, but you can manu
 
 The available objects are:
 
+* custom_fields 
 * emails
 * lists
 * opportunities
diff --git a/lib/pardot/authentication.rb b/lib/pardot/authentication.rb
index 7919285..85370e8 100644
--- a/lib/pardot/authentication.rb
+++ b/lib/pardot/authentication.rb
@@ -2,7 +2,7 @@ module Pardot
   module Authentication
     
     def authenticate
-      resp = post "login", nil, :email => @email, :password => @password, :user_key => @user_key
+      resp = post "login", nil, nil, nil, :email => @email, :password => @password, :user_key => @user_key
       update_version(resp["version"]) if resp && resp["version"]
       @api_key = resp && resp["api_key"]
     end
diff --git a/lib/pardot/client.rb b/lib/pardot/client.rb
index 36e9745..87ec5e7 100644
--- a/lib/pardot/client.rb
+++ b/lib/pardot/client.rb
@@ -9,6 +9,7 @@ class Client
     include Authentication
     include Http
 
+    include Objects::CustomFields
     include Objects::Emails
     include Objects::Lists
     include Objects::ListMemberships
diff --git a/lib/pardot/http.rb b/lib/pardot/http.rb
index 0dd33e9..01ba5fd 100644
--- a/lib/pardot/http.rb
+++ b/lib/pardot/http.rb
@@ -4,7 +4,8 @@ module Http
     def get object, path, params = {}, num_retries = 0
       smooth_params object, params
       full_path = fullpath object, path
-      check_response self.class.get(full_path, :query => params)
+      headers = create_auth_header object
+      check_response self.class.get(full_path, :query => params, :headers => headers)
       
     rescue Pardot::ExpiredApiKeyError => e
       handle_expired_api_key :get, object, path, params, num_retries, e
@@ -13,10 +14,11 @@ def get object, path, params = {}, num_retries = 0
       raise Pardot::NetError.new(e)
     end
     
-    def post object, path, params = {}, num_retries = 0
+    def post object, path, params = {}, num_retries = 0, bodyParams = {}
       smooth_params object, params
       full_path = fullpath object, path
-      check_response self.class.post(full_path, :query => params)
+      headers = create_auth_header object
+      check_response self.class.post(full_path, :query => params, :body => bodyParams, :headers => headers)
       
     rescue Pardot::ExpiredApiKeyError => e
       handle_expired_api_key :post, object, path, params, num_retries, e
@@ -39,7 +41,14 @@ def smooth_params object, params
       return if object == "login"
       
       authenticate unless authenticated?
-      params.merge! :user_key => @user_key, :api_key => @api_key, :format => @format
+      params.merge! :format => @format
+    end
+
+    def create_auth_header object
+      return if object == "login"
+      # { :Authorization => "Pardot api_key=#{@api_key}, user_key=#{@user_key}" }
+      { :Authorization => "Bearer 00D030000004Yxj!ARYAQM5rCFm65bX3wwx_bpWBzEb1w8Bbp0_zuWe1XXliCcfKtalT42o6dMpEeG4uDFy3hzww9f.SPHCuk40MatRfkw8cC0LX", "Pardot-Business-Unit-Id" => "0Uv03000000CaRgCAK"  }
+
     end
     
     def check_response http_response
diff --git a/lib/pardot/objects/custom_fields.rb b/lib/pardot/objects/custom_fields.rb
new file mode 100644
index 0000000..2f0e812
--- /dev/null
+++ b/lib/pardot/objects/custom_fields.rb
@@ -0,0 +1,37 @@
+module Pardot
+  module Objects
+    module CustomFields
+      
+      def custom_fields
+        @custom_fields ||= CustomFields.new self
+      end
+      
+      class CustomFields
+        
+        def initialize client
+          @client = client
+        end
+        
+        def query params
+          result = get "/do/query", params, "result"
+          result["total_results"] = result["total_results"].to_i if result["total_results"]
+          result
+        end
+        
+        protected
+        
+        def get path, params = {}, result = "customField"
+          response = @client.get "customField", path, params
+          result ? response[result] : response
+        end
+        
+        def post path, params = {}, result = "user"
+          response = @client.post "customField", path, params
+          result ? response[result] : response
+        end
+        
+      end
+      
+    end
+  end
+end
diff --git a/lib/pardot/objects/prospects.rb b/lib/pardot/objects/prospects.rb
index 583f3d2..032be20 100644
--- a/lib/pardot/objects/prospects.rb
+++ b/lib/pardot/objects/prospects.rb
@@ -1,109 +1,111 @@
+require 'cgi'
+
 module Pardot
   module Objects
     module Prospects
-      
+
       def prospects
         @prospects ||= Prospects.new self
       end
-      
+
       class Prospects
-        
+
         def initialize client
           @client = client
         end
-        
+
         def query search_criteria
           result = get "/do/query", search_criteria, "result"
           result["total_results"] = result["total_results"].to_i if result["total_results"]
           result
         end
-        
+
         def assign_by_email email, params
-          post "/do/assign/email/#{email}", params
+          post "/do/assign/email/#{CGI.escape(email)}", params
         end
-        
+
         def assign_by_id id, params
-          post "/do/assign/id/#{id}", params
+          post "/do/assign/id/#{CGI.escape(id)}", params
         end
-        
+
         def assign_by_fid fid, params
-          post "/do/assign/fid/#{fid}", params
+          post "/do/assign/fid/#{CGI.escape(fid)}", params
         end
-        
+
         def create email, params = {}
-          post "/do/create/email/#{email}", params
+          post "/do/create/email/#{CGI.escape(email)}", params
         end
-        
+
         def delete_by_id id, params = {}
-          post "/do/delete/id/#{id}", params
+          post "/do/delete/id/#{CGI.escape(id)}", params
         end
-        
+
         def delete_by_fid fid, params = {}
-          post "/do/delete/fid/#{fid}", params
+          post "/do/delete/fid/#{CGI.escape(fid)}", params
         end
-        
+
         def read_by_email email, params = {}
-          post "/do/read/email/#{email}", params
+          post "/do/read/email/#{CGI.escape(email)}", params
         end
-        
+
         def read_by_id id, params = {}
-          post "/do/read/id/#{id}", params
+          post "/do/read/id/#{CGI.escape(id)}", params
         end
-        
+
         def read_by_fid fid, params = {}
-          post "/do/read/fid/#{fid}", params
+          post "/do/read/fid/#{CGI.escape(fid)}", params
         end
-        
+
         def unassign_by_email email, params = {}
-          post "/do/unassign/email/#{email}", params
+          post "/do/unassign/email/#{CGI.escape(email)}", params
         end
-        
+
         def unassign_by_id id, params = {}
-          post "/do/unassign/id/#{id}", params
+          post "/do/unassign/id/#{CGI.escape(id)}", params
         end
-        
+
         def unassign_by_fid fid, params = {}
-          post "/do/unassign/fid/#{fid}", params
+          post "/do/unassign/fid/#{CGI.escape(fid)}", params
         end
-        
+
         def update_by_email email, params = {}
-          post "/do/update/email/#{email}", params
+          post "/do/update/email/#{CGI.escape(email)}", params
         end
-        
+
         def update_by_id id, params = {}
-          post "/do/update/id/#{id}", params
+          post "/do/update/id/#{CGI.escape(id)}", params
         end
-        
+
         def update_by_fid fid, params = {}
-          post "/do/update/fid/#{fid}", params
+          post "/do/update/fid/#{CGI.escape(fid)}", params
         end
-        
+
         def upsert_by_email email, params = {}
-          post "/do/upsert/email/#{email}", params
+          post "/do/upsert/email/#{CGI.escape(email)}", params
         end
-        
+
         def upsert_by_id id, params = {}
-          post "/do/upsert/id/#{id}", params
+          post "/do/upsert/id/#{CGI.escape(id)}", params
         end
-        
+
         def upsert_by_fid fid, params = {}
-          post "/do/upsert/fid/#{fid}", params
+          post "/do/upsert/fid/#{CGI.escape(fid)}", params
         end
-        
+
         protected
-        
+
         def get path, params = {}, result = "prospect"
           response = @client.get "prospect", path, params
           result ? response[result] : response
         end
-        
+
         def post path, params = {}, result = "prospect"
           response = @client.post "prospect", path, params
           result ? response[result] : response
         end
-        
+
       end
-      
+
     end
   end
 end
diff --git a/lib/pardot/version.rb b/lib/pardot/version.rb
index e305cb3..b74f415 100644
--- a/lib/pardot/version.rb
+++ b/lib/pardot/version.rb
@@ -1,3 +1,3 @@
 module Pardot
-  VERSION = "1.1.0"
+  VERSION = "1.3.2"
 end
diff --git a/lib/ruby-pardot.rb b/lib/ruby-pardot.rb
index cb44ecb..5fca7ef 100644
--- a/lib/ruby-pardot.rb
+++ b/lib/ruby-pardot.rb
@@ -6,6 +6,7 @@
 require 'pardot/error'
 require 'pardot/authentication'
 
+require 'pardot/objects/custom_fields'
 require 'pardot/objects/emails'
 require 'pardot/objects/lists'
 require 'pardot/objects/list_memberships'
diff --git a/ruby-pardot.gemspec b/ruby-pardot.gemspec
index f710b11..4e46b42 100644
--- a/ruby-pardot.gemspec
+++ b/ruby-pardot.gemspec
@@ -14,8 +14,8 @@ Gem::Specification.new do |s|
   s.required_rubygems_version = ">= 1.3.6"
   s.rubyforge_project         = "ruby-pardot"
 
-  s.add_dependency "crack"
-  s.add_dependency "httparty"
+  s.add_dependency "crack", "0.4.3"
+  s.add_dependency "httparty", "0.13.1"
 
   s.add_development_dependency "bundler", ">= 1.10"
   s.add_development_dependency "rspec"
diff --git a/spec/pardot/authentication_spec.rb b/spec/pardot/authentication_spec.rb
index ee0af8d..fa74aaa 100644
--- a/spec/pardot/authentication_spec.rb
+++ b/spec/pardot/authentication_spec.rb
@@ -11,13 +11,17 @@ def create_client
     before do
       @client = create_client
       
-      fake_post "/api/login/version/3?email=user%40test.com&password=foo&user_key=bar",
+      fake_post "/api/login/version/3",
                 %(<?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="ok" version="1.0">\n   <api_key>my_api_key</api_key>\n</rsp>\n)
     end
     
     def authenticate
       @client.authenticate
     end
+
+    def verifyBody
+      FakeWeb.last_request.body.should == 'email=user%40test.com&password=foo&user_key=bar'
+    end
     
     it "should return the api key" do
       authenticate.should == "my_api_key"
@@ -26,16 +30,19 @@ def authenticate
     it "should set the api key" do
       authenticate
       @client.api_key.should == "my_api_key"
+      verifyBody
     end
     
     it "should make authenticated? true" do
       authenticate
       @client.authenticated?.should == true
+      verifyBody
     end
 
     it "should use version 3" do
       authenticate
       @client.version.to_i.should == 3
+      verifyBody
     end
     
   end
@@ -45,13 +52,17 @@ def authenticate
     before do
       @client = create_client
       
-      fake_post "/api/login/version/3?email=user%40test.com&password=foo&user_key=bar",
+      fake_post "/api/login/version/3",
                 %(<?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="ok" version="1.0">\n   <api_key>my_api_key</api_key>\n<version>4</version>\n</rsp>\n)
     end
     
     def authenticate
       @client.authenticate
     end
+
+    def verifyBody
+      FakeWeb.last_request.body.should == 'email=user%40test.com&password=foo&user_key=bar'
+    end
     
     it "should return the api key" do
       authenticate.should == "my_api_key"
@@ -60,16 +71,19 @@ def authenticate
     it "should set the api key" do
       authenticate
       @client.api_key.should == "my_api_key"
+      verifyBody
     end
     
     it "should make authenticated? true" do
       authenticate
       @client.authenticated?.should == true
+      verifyBody
     end
 
     it "should use version 4" do
       authenticate
       @client.version.to_i.should == 4
+      verifyBody
     end
     
   end
diff --git a/spec/pardot/http_spec.rb b/spec/pardot/http_spec.rb
index 0039887..747ca4e 100644
--- a/spec/pardot/http_spec.rb
+++ b/spec/pardot/http_spec.rb
@@ -18,7 +18,7 @@ def get object = "foo", path = "/bar", params = {}
     end
     
     it "should notice errors and raise them as Pardot::ResponseError" do
-      fake_get "/api/foo/version/3/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_get "/api/foo/version/3/bar?format=simple",
                %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Login failed</err>\n</rsp>\n)
       
       lambda { get }.should raise_error(Pardot::ResponseError)
@@ -31,7 +31,7 @@ def get object = "foo", path = "/bar", params = {}
     end
     
     it "should call handle_expired_api_key when the api key expires" do
-      fake_get "/api/foo/version/3/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_get "/api/foo/version/3/bar?format=simple",
                %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Invalid API key or user key</err>\n</rsp>\n)
       
       @client.should_receive(:handle_expired_api_key)
@@ -47,7 +47,7 @@ def post object = "foo", path = "/bar", params = {}
     end
     
     it "should notice errors and raise them as Pardot::ResponseError" do
-      fake_post "/api/foo/version/3/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_post "/api/foo/version/3/bar?format=simple",
                 %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Login failed</err>\n</rsp>\n)
       
       lambda { post }.should raise_error(Pardot::ResponseError)
@@ -60,7 +60,7 @@ def post object = "foo", path = "/bar", params = {}
     end
     
     it "should call handle_expired_api_key when the api key expires" do
-      fake_post "/api/foo/version/3/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_post "/api/foo/version/3/bar?format=simple",
                 %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Invalid API key or user key</err>\n</rsp>\n)
       
       @client.should_receive(:handle_expired_api_key)
@@ -77,7 +77,7 @@ def get object = "foo", path = "/bar", params = {}
     end
     
     it "should notice errors and raise them as Pardot::ResponseError" do
-      fake_get "/api/foo/version/4/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_get "/api/foo/version/4/bar?format=simple",
                %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Login failed</err>\n</rsp>\n)
       
       lambda { get }.should raise_error(Pardot::ResponseError)
@@ -90,7 +90,7 @@ def get object = "foo", path = "/bar", params = {}
     end
     
     it "should call handle_expired_api_key when the api key expires" do
-      fake_get "/api/foo/version/4/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_get "/api/foo/version/4/bar?format=simple",
                %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Invalid API key or user key</err>\n</rsp>\n)
       
       @client.should_receive(:handle_expired_api_key)
@@ -107,7 +107,7 @@ def post object = "foo", path = "/bar", params = {}
     end
     
     it "should notice errors and raise them as Pardot::ResponseError" do
-      fake_post "/api/foo/version/4/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_post "/api/foo/version/4/bar?format=simple",
                 %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Login failed</err>\n</rsp>\n)
       
       lambda { post }.should raise_error(Pardot::ResponseError)
@@ -120,7 +120,7 @@ def post object = "foo", path = "/bar", params = {}
     end
     
     it "should call handle_expired_api_key when the api key expires" do
-      fake_post "/api/foo/version/4/bar?api_key=my_api_key&format=simple&user_key=bar",
+      fake_post "/api/foo/version/4/bar?format=simple",
                 %(?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="fail" version="1.0">\n   <err code="15">Invalid API key or user key</err>\n</rsp>\n)
       
       @client.should_receive(:handle_expired_api_key)
diff --git a/spec/pardot/objects/custom_fields_spec.rb b/spec/pardot/objects/custom_fields_spec.rb
new file mode 100644
index 0000000..1f31940
--- /dev/null
+++ b/spec/pardot/objects/custom_fields_spec.rb
@@ -0,0 +1,58 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe Pardot::Objects::CustomFields do
+  
+  before do
+    @client = create_client
+  end
+  
+  describe "query" do
+    
+    def sample_results
+      %(<?xml version="1.0" encoding="UTF-8"?>\n<rsp stat="ok" version="1.0">
+        <result>
+          <total_results>1</total_results>
+            <customField>
+              <created_at>2019-11-26 13:40:37</created_at>
+              <crm_id null="true" />
+              <field_id>CustomObject1574793618883</field_id>
+              <id>8932</id>
+              <is_record_multiple_responses>false</is_record_multiple_responses>
+              <is_use_values>false</is_use_values>
+              <name>Ω≈ç√∫˜µ≤≥÷</name>
+              <type>Text</type>
+              <type_id>1</type_id>
+              <updated_at>2019-11-26 13:40:37</updated_at>
+          </customField>
+        </result>
+      </rsp>)
+    end
+    
+    before do
+      @client = create_client
+    end
+    
+    it "should take in some arguments" do
+      fake_get "/api/customField/version/3/do/query?id_greater_than=200&format=simple", sample_results
+      
+      @client.custom_fields.query(:id_greater_than => 200).should == {"total_results" => 1, 
+        "customField"=>
+          {
+            "id"=>"8932",
+            "name"=>"Ω≈ç√∫˜µ≤≥÷",
+            "field_id"=>"CustomObject1574793618883",
+            "type"=>"Text",
+            "type_id"=>"1",
+            "crm_id"=>{"null"=>"true"},
+            "is_record_multiple_responses"=>"false",
+            "is_use_values"=>"false",
+            "created_at"=>"2019-11-26 13:40:37",
+            "updated_at"=>"2019-11-26 13:40:37"
+          }
+        }
+      assert_authorization_header
+    end
+    
+  end
+  
+end
diff --git a/spec/pardot/objects/emails_spec.rb b/spec/pardot/objects/emails_spec.rb
index 5faf2b8..d16391b 100644
--- a/spec/pardot/objects/emails_spec.rb
+++ b/spec/pardot/objects/emails_spec.rb
@@ -19,18 +19,21 @@ def sample_response
   end
 
   it "should take in the email ID" do
-    fake_get "/api/email/version/3/do/read/id/12?user_key=bar&api_key=my_api_key&format=simple", sample_response
+    fake_get "/api/email/version/3/do/read/id/12?format=simple", sample_response
     @client.emails.read_by_id(12).should == {"name" => "My Email"}
+    assert_authorization_header
   end
 
   it 'should send to a prospect' do
-    fake_post '/api/email/version/3/do/send/prospect_id/42?campaign_id=765&email_template_id=86&user_key=bar&api_key=my_api_key&format=simple', sample_response
+    fake_post '/api/email/version/3/do/send/prospect_id/42?campaign_id=765&email_template_id=86&format=simple', sample_response
     @client.emails.send_to_prospect(42, :campaign_id => 765, :email_template_id => 86).should == {"name" => "My Email"}
+    assert_authorization_header
   end
 
   it 'should send to a list' do
-    fake_post '/api/email/version/3/do/send?email_template_id=200&list_ids[]=235&campaign_id=654&user_key=bar&api_key=my_api_key&format=simple', sample_response
+    fake_post '/api/email/version/3/do/send?email_template_id=200&list_ids[]=235&campaign_id=654&format=simple', sample_response
     @client.emails.send_to_list(:email_template_id => 200, 'list_ids[]' => 235, :campaign_id => 654).should == {"name" => "My Email"}
+    assert_authorization_header
   end
 
 end
\ No newline at end of file
diff --git a/spec/pardot/objects/lists_spec.rb b/spec/pardot/objects/lists_spec.rb
index c5ac9e3..990aa28 100644
--- a/spec/pardot/objects/lists_spec.rb
+++ b/spec/pardot/objects/lists_spec.rb
@@ -27,13 +27,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/list/version/3/do/query?api_key=my_api_key&id_greater_than=200&format=simple&user_key=bar", sample_results
+      fake_get "/api/list/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.lists.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "list"=>[
           {"name"=>"Asdf List"}, 
           {"name"=>"Qwerty List"}
         ]}
+      assert_authorization_header
     end
     
   end
diff --git a/spec/pardot/objects/opportunities_spec.rb b/spec/pardot/objects/opportunities_spec.rb
index d6655a1..548519c 100644
--- a/spec/pardot/objects/opportunities_spec.rb
+++ b/spec/pardot/objects/opportunities_spec.rb
@@ -29,13 +29,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/opportunity/version/3/do/query?api_key=my_api_key&id_greater_than=200&format=simple&user_key=bar", sample_results
+      fake_get "/api/opportunity/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.opportunities.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "opportunity"=>[
           {"type"=>"Great", "name"=>"Jim"}, 
           {"type"=>"Good", "name"=>"Sue"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -53,10 +54,11 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/opportunity/version/3/do/create/prospect_email/user@test.com?type=Good&api_key=my_api_key&user_key=bar&format=simple&name=Jim", sample_results
+      fake_post "/api/opportunity/version/3/do/create/prospect_email/user@test.com?type=Good&format=simple&name=Jim", sample_results
       
       @client.opportunities.create_by_email("user@test.com", :name => "Jim", :type => "Good").should == {"name"=>"Jim", "type"=>"Good"}
-      
+
+      assert_authorization_header
     end
     
   end
diff --git a/spec/pardot/objects/prospect_accounts_spec.rb b/spec/pardot/objects/prospect_accounts_spec.rb
index 5469518..528bdf0 100644
--- a/spec/pardot/objects/prospect_accounts_spec.rb
+++ b/spec/pardot/objects/prospect_accounts_spec.rb
@@ -24,13 +24,14 @@ def sample_results
     end
 
     it "should take in some arguments and respond with valid items" do
-      fake_get "/api/prospectAccount/version/3/do/query?assigned=true&format=simple&user_key=bar&api_key=my_api_key", sample_results
+      fake_get "/api/prospectAccount/version/3/do/query?assigned=true&format=simple", sample_results
 
       @client.prospect_accounts.query(:assigned => true).should == {'total_results' => 2,
         'prospectAccount'=>[
           {'name'=>'Spaceships R Us'},
           {'name'=>'Monsters Inc'}
         ]}
+      assert_authorization_header
     end
 
   end
@@ -47,9 +48,10 @@ def sample_results
     end
 
     it 'should return a valid account' do
-      fake_post '/api/prospectAccount/version/3/do/read/id/1234?assigned=true&format=simple&user_key=bar&api_key=my_api_key', sample_results
+      fake_post '/api/prospectAccount/version/3/do/read/id/1234?assigned=true&format=simple', sample_results
 
       @client.prospect_accounts.read('1234', :assigned => true).should == {'id' => '1234', 'name' => 'SupaDupaPanda' }
+      assert_authorization_header
     end
 
   end
@@ -67,10 +69,10 @@ def sample_results
     end
 
     it 'should return the prospect account' do
-      fake_post '/api/prospectAccount/version/3/do/create?api_key=my_api_key&user_key=bar&format=simple&name=SuperPanda', sample_results
+      fake_post '/api/prospectAccount/version/3/do/create?format=simple&name=SuperPanda', sample_results
 
       @client.prospect_accounts.create(:name => 'SuperPanda').should == {"name"=>"SuperPanda"}
-
+      assert_authorization_header
     end
 
   end
diff --git a/spec/pardot/objects/prospects_spec.rb b/spec/pardot/objects/prospects_spec.rb
index 7c18eab..17f85fd 100644
--- a/spec/pardot/objects/prospects_spec.rb
+++ b/spec/pardot/objects/prospects_spec.rb
@@ -26,13 +26,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/prospect/version/3/do/query?assigned=true&format=simple&user_key=bar&api_key=my_api_key", sample_results
+      fake_get "/api/prospect/version/3/do/query?assigned=true&format=simple", sample_results
       
       @client.prospects.query(:assigned => true).should == {"total_results" => 2, 
         "prospect"=>[
           {"last_name"=>"Smith", "first_name"=>"Jim"}, 
           {"last_name"=>"Green", "first_name"=>"Sue"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -50,12 +51,12 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/prospect/version/3/do/create/email/user@test.com?api_key=my_api_key&user_key=bar&format=simple&first_name=Jim", sample_results
-      
+      fake_post "/api/prospect/version/3/do/create/email/user%40test.com?first_name=Jim&format=simple", sample_results
+
       @client.prospects.create("user@test.com", :first_name => "Jim").should == {"last_name"=>"Smith", "first_name"=>"Jim"}
-      
+      assert_authorization_header
     end
     
   end
   
-end
\ No newline at end of file
+end
diff --git a/spec/pardot/objects/users_spec.rb b/spec/pardot/objects/users_spec.rb
index 2f013da..76503b1 100644
--- a/spec/pardot/objects/users_spec.rb
+++ b/spec/pardot/objects/users_spec.rb
@@ -29,13 +29,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/user/version/3/do/query?api_key=my_api_key&user_key=bar&id_greater_than=200&format=simple", sample_results
+      fake_get "/api/user/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.users.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "user"=>[
           {"email"=>"user@test.com", "first_name"=>"Jim"}, 
           {"email"=>"user@example.com", "first_name"=>"Sue"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -53,10 +54,10 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/user/version/3/do/read/email/user@test.com?api_key=my_api_key&user_key=bar&format=simple", sample_results
+      fake_post "/api/user/version/3/do/read/email/user@test.com?format=simple", sample_results
       
       @client.users.read_by_email("user@test.com").should == {"email"=>"user@example.com", "first_name"=>"Sue"}
-      
+      assert_authorization_header
     end
     
   end
diff --git a/spec/pardot/objects/visitor_activities_spec.rb b/spec/pardot/objects/visitor_activities_spec.rb
index 4ce345b..864f356 100644
--- a/spec/pardot/objects/visitor_activities_spec.rb
+++ b/spec/pardot/objects/visitor_activities_spec.rb
@@ -29,13 +29,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/visitorActivity/version/3/do/query?user_key=bar&api_key=my_api_key&id_greater_than=200&format=simple", sample_results
+      fake_get "/api/visitorActivity/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.visitor_activities.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "visitorActivity"=>[
           {"type_name"=>"Read", "details"=>"Some details"}, 
           {"type_name"=>"Write", "details"=>"More details"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -53,10 +54,10 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/visitorActivity/version/3/do/read/id/10?user_key=bar&api_key=my_api_key&format=simple", sample_results
+      fake_post "/api/visitorActivity/version/3/do/read/id/10?format=simple", sample_results
       
       @client.visitor_activities.read(10).should == {"details"=>"More details", "type_name"=>"Write"}
-      
+      assert_authorization_header
     end
     
   end
diff --git a/spec/pardot/objects/visitors_spec.rb b/spec/pardot/objects/visitors_spec.rb
index 5e0d00e..563be10 100644
--- a/spec/pardot/objects/visitors_spec.rb
+++ b/spec/pardot/objects/visitors_spec.rb
@@ -29,13 +29,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/visitor/version/3/do/query?api_key=my_api_key&user_key=bar&id_greater_than=200&format=simple", sample_results
+      fake_get "/api/visitor/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.visitors.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "visitor"=>[
           {"browser"=>"Firefox", "language"=>"en"}, 
           {"browser"=>"Chrome", "language"=>"es"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -53,10 +54,10 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/visitor/version/3/do/assign/id/10?type=Good&api_key=my_api_key&user_key=bar&format=simple&name=Jim", sample_results
+      fake_post "/api/visitor/version/3/do/assign/id/10?type=Good&format=simple&name=Jim", sample_results
       
       @client.visitors.assign(10, :name => "Jim", :type => "Good").should == {"browser"=>"Chrome", "language"=>"es"}
-      
+      assert_authorization_header
     end
     
   end
diff --git a/spec/pardot/objects/visits_spec.rb b/spec/pardot/objects/visits_spec.rb
index 5b894ec..6e71742 100644
--- a/spec/pardot/objects/visits_spec.rb
+++ b/spec/pardot/objects/visits_spec.rb
@@ -29,13 +29,14 @@ def sample_results
     end
     
     it "should take in some arguments" do
-      fake_get "/api/visit/version/3/do/query?api_key=my_api_key&user_key=bar&id_greater_than=200&format=simple", sample_results
+      fake_get "/api/visit/version/3/do/query?id_greater_than=200&format=simple", sample_results
       
       @client.visits.query(:id_greater_than => 200).should == {"total_results" => 2, 
         "visit"=>[
           {"duration_in_seconds"=>"50", "visitor_page_view_count"=>"3"}, 
           {"duration_in_seconds"=>"10", "visitor_page_view_count"=>"1"}
         ]}
+      assert_authorization_header
     end
     
   end
@@ -53,10 +54,10 @@ def sample_results
     end
     
     it "should return the prospect" do
-      fake_post "/api/visit/version/3/do/read/id/10?user_key=bar&api_key=my_api_key&format=simple", sample_results
+      fake_post "/api/visit/version/3/do/read/id/10?format=simple", sample_results
       
       @client.visits.read(10).should == {"visitor_page_view_count"=>"1", "duration_in_seconds"=>"10"}
-      
+      assert_authorization_header
     end
     
   end
diff --git a/spec/support/fakeweb.rb b/spec/support/fakeweb.rb
index d842f26..14b57cf 100644
--- a/spec/support/fakeweb.rb
+++ b/spec/support/fakeweb.rb
@@ -12,3 +12,7 @@ def fake_get path, response
 def fake_authenticate client, api_key
   client.api_key = api_key
 end
+
+def assert_authorization_header
+  expect(FakeWeb.last_request[:authorization]).to eq('Pardot api_key=my_api_key, user_key=bar')
+end
\ No newline at end of file