diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index b5e8e3fff1..8f3fd44c1b 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -104,8 +104,8 @@ def decode_enterprise_webapp_user_id(jwt_token: str | None):
 
     decoded = PassportService().verify(jwt_token)
     source = decoded.get("token_source")
-    if not source or source != "enterprise_login":
-        raise Unauthorized("Invalid token source. Expected 'enterprise_login'.")
+    if not source or source != "webapp_login_token":
+        raise Unauthorized("Invalid token source. Expected 'webapp_login_token'.")
     return decoded
 
 
diff --git a/api/services/webapp_auth_service.py b/api/services/webapp_auth_service.py
index a101688ab7..43f19c0142 100644
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@@ -110,11 +110,10 @@ class WebAppAuthService:
         exp = int(exp_dt.timestamp())
 
         payload = {
-            "iss": site.id,
             "sub": "Web API Passport",
             "user_id": account.id,
             "end_user_id": end_user_id,
-            "token_source": "enterprise_login",
+            "token_source": "webapp_login_token",
             "exp": exp,
         }