diff --git a/management/server/http/middleware/auth_middleware.go b/management/server/http/middleware/auth_middleware.go
index ffd7e0b93..b76f00bd7 100644
--- a/management/server/http/middleware/auth_middleware.go
+++ b/management/server/http/middleware/auth_middleware.go
@@ -171,10 +171,6 @@ func (m *AuthMiddleware) checkPATFromRequest(r *http.Request, authHeaderParts []
 		return r, fmt.Errorf("error extracting token: %w", err)
 	}
 
-	if m.patUsageTracker != nil {
-		m.patUsageTracker.IncrementUsage(token)
-	}
-
 	if m.rateLimiter != nil {
 		if !m.rateLimiter.Allow(token) {
 			return r, status.Errorf(status.TooManyRequests, "too many requests")
@@ -186,6 +182,11 @@ func (m *AuthMiddleware) checkPATFromRequest(r *http.Request, authHeaderParts []
 	if err != nil {
 		return r, fmt.Errorf("invalid Token: %w", err)
 	}
+
+	if m.patUsageTracker != nil {
+		m.patUsageTracker.IncrementUsage(pat.ID)
+	}
+
 	if time.Now().After(pat.GetExpirationDate()) {
 		return r, fmt.Errorf("token expired")
 	}
diff --git a/management/server/http/middleware/pat_usage_tracker.go b/management/server/http/middleware/pat_usage_tracker.go
index 331c288e7..b323ea920 100644
--- a/management/server/http/middleware/pat_usage_tracker.go
+++ b/management/server/http/middleware/pat_usage_tracker.go
@@ -74,8 +74,11 @@ func (t *PATUsageTracker) reportUsageBuckets() {
 	totalTokens := len(snapshot)
 
 	if totalTokens > 0 {
-		for _, count := range snapshot {
+		for id, count := range snapshot {
 			t.histogram.Record(t.ctx, count)
+			if count > 120 {
+				log.Debugf("High PAT usage detected: token %s used %d times in the last minute", id, count)
+			}
 		}
 		log.Debugf("PAT usage in last minute: %d unique tokens used", totalTokens)
 	}
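Review bot: The new `m.patUsageTracker.IncrementUsage(pat.ID)` block runs before the expiration check on the lines that follow it, so a request presenting an expired PAT is still counted as a use of that ID; if the counter is meant to reflect accepted requests, move the block below the `token expired` return, otherwise record the intent with `// counted before the expiry check: usage reflects presented, not accepted, tokens`. Keying the tracker by `pat.ID` instead of the raw `token` (the removal in the first hunk of this file) also keeps the secret out of the tracker's snapshot and out of whatever the tracker logs, which deserves a comment on the call such as `// track by PAT ID so the raw token is never stored or logged`. The rate limiter earlier in the function still keys on the raw `token`, which is fine for an in-memory limiter but worth confirming is never persisted. checkPATFromRequest begins and ends outside the hunk.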
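Review bot: The threshold in `if count > 120 {` is a magic number; name it, e.g. `const highPATUsagePerMinute = 120`, and use the constant in the condition so the limit is discoverable and tunable in one place. Logging this signal with `log.Debugf` means it is invisible in a normally configured deployment; if it is meant as an abuse indicator an operator should see, it belongs at Warn (or at least Info) level, whichever the logger in this package offers. Logging the map key is only safe because the caller now passes `pat.ID` rather than the raw token (the change in auth_middleware.go), so a comment on the `for id, count := range snapshot` line, `// keys are PAT IDs, never raw tokens, so they are safe to log`, records the invariant the log statement depends on. reportUsageBuckets starts and ends outside the hunk.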