diff --git a/README.md b/README.md
index bbc069e..ebd853b 100644
--- a/README.md
+++ b/README.md
@@ -43,8 +43,9 @@ JSON API under `/api/`. SQLite lives at `./data/mcables.db` by default.
 |---|---|---|
 | `MCABLES_ADDR` | `0.0.0.0:7777` | Listen address. |
 | `MCABLES_DB` | `./data/mcables.db` | SQLite path. Parent dir is created on boot. |
-| `MEXDRAW_BASE_URL` | (unset) | Used by slice 5 export — not consumed yet. |
-| `MEXDRAW_TOKEN` | (unset) | Bearer for the mExDraw export. Not consumed yet. |
+| `MEXDRAW_BASE_URL` | `https://mxdrw.msbls.de` | Base URL for mExDraw export. |
+| `MEXDRAW_USER` | (unset) | Username for the mxdrw HTTP Basic Auth on export. Required. |
+| `MEXDRAW_PASS` | (unset) | Password for the mxdrw HTTP Basic Auth on export. Required. |
 
 ### Tests
 
diff --git a/docker-compose.yml b/docker-compose.yml
index bd79302..ee82285 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       - MCABLES_ADDR=0.0.0.0:7777
       - MCABLES_DB=/app/data/mcables.db
     env_file:
-      # Empty for slice 1. MEXDRAW_TOKEN lands here when slice 5 ships.
+      # MEXDRAW_USER + MEXDRAW_PASS for the mxdrw HTTP Basic Auth on export.
       - /home/m/secrets/mcables/.env
     volumes:
       - /home/m/stacks/mcables/data:/app/data
diff --git a/internal/server/export.go b/internal/server/export.go
index 6d2823d..873e809 100644
--- a/internal/server/export.go
+++ b/internal/server/export.go
@@ -29,11 +29,12 @@ func (h *handlers) syncExport(w http.ResponseWriter, r *http.Request) {
 	if base == "" {
 		base = "https://mxdrw.msbls.de"
 	}
-	token := os.Getenv("MEXDRAW_TOKEN")
-	if token == "" {
+	user := os.Getenv("MEXDRAW_USER")
+	pass := os.Getenv("MEXDRAW_PASS")
+	if user == "" || pass == "" {
 		writeJSON(w, http.StatusBadRequest, errorBody{
-			Error:   "MEXDRAW_TOKEN not set",
-			Details: "Add MEXDRAW_TOKEN to /home/m/secrets/mcables/.env on mDock and restart the container",
+			Error:   "MEXDRAW_USER / MEXDRAW_PASS not set",
+			Details: "Add MEXDRAW_USER and MEXDRAW_PASS to /home/m/secrets/mcables/.env on mDock and restart the container — mxdrw expects HTTP Basic Auth",
 		})
 		return
 	}
@@ -77,7 +78,7 @@ func (h *handlers) syncExport(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Bearer "+token)
+	req.SetBasicAuth(user, pass)
 
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {