diff --git a/src/main/java/caosdb/server/resource/ScriptingResource.java b/src/main/java/caosdb/server/resource/ScriptingResource.java
index 4159d7a60419eb08d1b6d833b8f5242bcb9632fe..cb652b862282e2cf804ae4cbffd3b6f9de9d109f 100644
--- a/src/main/java/caosdb/server/resource/ScriptingResource.java
+++ b/src/main/java/caosdb/server/resource/ScriptingResource.java
@@ -213,7 +213,7 @@ public class ScriptingResource extends AbstractCaosDBServerResource {
    * the call is not configured to be called by everyone, a SessionToken is returned instead.
    */
   public Object generateAuthToken(String call) {
-    String purpose = ScriptingPermissions.PERMISSION_EXECUTION(call);
+    String purpose = "SCRIPTING:EXECUTE:" + call;
     Object authtoken = OneTimeAuthenticationToken.generateForPurpose(purpose, getUser());
     if (authtoken != null || isAnonymous()) {
       return authtoken;
diff --git a/src/main/java/caosdb/server/scripting/ScriptingPermissions.java b/src/main/java/caosdb/server/scripting/ScriptingPermissions.java
index b1417035bad3c75ecae23941371611ad894887a6..9165f133c070c351e7a4ecbb2c510c06b71734a2 100644
--- a/src/main/java/caosdb/server/scripting/ScriptingPermissions.java
+++ b/src/main/java/caosdb/server/scripting/ScriptingPermissions.java
@@ -3,7 +3,7 @@ package caosdb.server.scripting;
 public class ScriptingPermissions {
 
   public static final String PERMISSION_EXECUTION(final String call) {
-    StringBuilder ret = new StringBuilder(10 + call.length());
+    StringBuilder ret = new StringBuilder(18 + call.length());
     ret.append("SCRIPTING:EXECUTE:");
     ret.append(call.replace("/", ":"));
     return ret.toString();