diff --git a/freqtrade/constants.py b/freqtrade/constants.py
index e2a24ea35..a97ded95b 100644
--- a/freqtrade/constants.py
+++ b/freqtrade/constants.py
@@ -401,7 +401,7 @@ CONF_SCHEMA = {
 },
 'username': {'type': 'string'},
 'password': {'type': 'string'},
- 'ws_token': {'type': 'string'},
+ 'ws_token': {'type': ['string', 'array'], 'items': {'type': 'string'}},
 'jwt_secret_key': {'type': 'string'},
 'CORS_origins': {'type': 'array', 'items': {'type': 'string'}},
 'verbosity': {'type': 'string', 'enum': ['error', 'info']},
diff --git a/freqtrade/rpc/api_server/api_auth.py b/freqtrade/rpc/api_server/api_auth.py
index e91e5941b..492daf5a2 100644
--- a/freqtrade/rpc/api_server/api_auth.py
+++ b/freqtrade/rpc/api_server/api_auth.py
@@ -59,9 +59,18 @@ async def validate_ws_token(
 secret_ws_token = api_config.get('ws_token', None)
 secret_jwt_key = api_config.get('jwt_secret_key', 'super-secret')

- if ws_token and secret_ws_token and secrets.compare_digest(secret_ws_token, ws_token):
- # Just return the token if it matches
- return ws_token
+ if ws_token and secret_ws_token:
+ is_valid_ws_token = False
+ if isinstance(secret_ws_token, str):
+ is_valid_ws_token = secrets.compare_digest(secret_ws_token, ws_token)
+ elif isinstance(secret_ws_token, list):
+ is_valid_ws_token = any([
+ secrets.compare_digest(potential, ws_token)
+ for potential in secret_ws_token
+ ])
+
+ if is_valid_ws_token:
+ return ws_token
 else:
 try:
 user = get_user_from_token(ws_token, secret_jwt_key)
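Review bot: `secrets.compare_digest` raises `TypeError` when a `str` argument contains non-ASCII characters, and `ws_token` is presumably client-supplied (its origin is outside the hunk), so in both the `str` branch and the list comprehension a malformed token would raise instead of being rejected; comparing bytes avoids that, e.g. `secrets.compare_digest(potential.encode(), ws_token.encode())`. The trailing `else:` is unchanged context, so it now appears to pair with `if ws_token and secret_ws_token:` rather than with the comparison result (indentation is not visible on this page); if so, a token that fails the static check no longer reaches `get_user_from_token` whenever `ws_token` is configured, which is worth confirming as intended. The list passed to `any([...])` runs every comparison instead of short-circuiting on the first match, so a comment such as `# list, not generator: compare against every configured token` would keep a later cleanup from changing that. The body of `validate_ws_token` starts and ends outside the hunk.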