diff --git a/app/routes/api/keys.js b/app/routes/api/keys.js
index 0e86de1..c08c37e 100644
--- a/app/routes/api/keys.js
+++ b/app/routes/api/keys.js
@@ -15,7 +15,7 @@ const createParams = [
 {name: 'identifier', type: 'string', sanitize: true}, {name: 'scope', instance: Array}];
 router.post('/create', requireAuth('key.create'), bodyVerifier(createParams), wrap(async (req, res) => {
- const keyCount = await Key.countDocuments({username: req.username});
+ const keyCount = await Key.countDocuments({issuer: req.username});
 if (keyCount >= config.get('Key.limit')) return res.status(403).json({message: 'Key limit reached.'});
diff --git a/test/api.js b/test/api.js
index 9cb762b..bd0ee47 100644
--- a/test/api.js
+++ b/test/api.js
@@ -687,6 +687,21 @@ describe('Keys', () => {
 util.verifyResponse(res, 403, 'Requested scope exceeds own scope.');
 });
 });
+
+ describe('2 Key Limit', () => {
+ it('must not create additional keys beyond the limit', async () => {
+ await util.createSession(agent, ['key.create', 'file.upload']);
+ const limit = config.get('Key.limit');
+
+ // Create keys upto the limit (key0, key1, key2, ...)
+ await Promise.all(
+ [...Array(limit)]
+ .map(idx => util.createKey({identifier: 'key' + idx, scope: ['file.upload']}, agent)));
+
+ const res = await util.createKey({identifier: 'toomany', scope: ['file.upload']}, agent);
+ util.verifyResponse(res, 403, 'Key limit reached.');
+ });
+ });
 });
 describe('/POST delete', () => {
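Review bot: In app/routes/api/keys.js the limit is still enforced as a separate `countDocuments` read ahead of the create, so concurrent `/create` requests from one issuer can each observe a count below `Key.limit` and together exceed it. The handler body continues outside the hunk, so the non-atomic insert is inferred from the count-then-return shape visible here. If the create that follows is a plain insert, consider enforcing the quota atomically (for example a per-issuer counter bumped with a conditional update), or at minimum record the gap with `// NOTE: count-then-insert is not atomic; concurrent requests can exceed Key.limit`. A short comment that the filter field must match the Key schema's `issuer` field would also help, since the previous `username` filter apparently went unnoticed rather than raising an error.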
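Review bot: In test/api.js the `.map(idx => ...)` callback receives the array element (always `undefined` here), not the index, so every setup key is created with the identifier `'keyundefined'` instead of key0, key1, ... as the comment states. Take the index from the second argument: `.map((_, idx) => util.createKey({identifier: 'key' + idx, scope: ['file.upload']}, agent))`. The setup responses are also never checked, so a rejected setup create would only surface as a confusing failure of the final 403 assertion; asserting that each setup create succeeded would make the cause visible. Since the setup creates run concurrently through `Promise.all`, awaiting them one at a time would keep the test independent of how the server orders the count and the insert.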