diff --git a/consul/CHANGELOG.md b/consul/CHANGELOG.md
index 3712e0113da10..47dab08d0038f 100644
--- a/consul/CHANGELOG.md
+++ b/consul/CHANGELOG.md
@@ -4,6 +4,7 @@
 ==================
 * [Fix] Fix duplicate service check with same tags but different status being sent (one per Node).
+* [FEATURE] Support ACL token for authentication.
 1.0.003-22-2017
 ==================
diff --git a/consul/check.py b/consul/check.py
index e2ab68d22db7a..0207d75cea4ff 100644
--- a/consul/check.py
+++ b/consul/check.py
@@ -84,14 +84,19 @@ def consul_request(self, instance, endpoint):
 clientcertfile = instance.get('client_cert_file', self.init_config.get('client_cert_file', False))
 privatekeyfile = instance.get('private_key_file', self.init_config.get('private_key_file', False))
 cabundlefile = instance.get('ca_bundle_file', self.init_config.get('ca_bundle_file', True))
+ acl_token = instance.get('acl_token', None)
+
+ headers = {}
+ if acl_token:
+ headers['X-Consul-Token'] = acl_token
 if clientcertfile:
 if privatekeyfile:
- resp = requests.get(url, cert=(clientcertfile,privatekeyfile), verify=cabundlefile)
+ resp = requests.get(url, cert=(clientcertfile,privatekeyfile), verify=cabundlefile, headers=headers)
 else:
- resp = requests.get(url, cert=clientcertfile, verify=cabundlefile)
+ resp = requests.get(url, cert=clientcertfile, verify=cabundlefile, headers=headers)
 else:
- resp = requests.get(url, verify=cabundlefile)
+ resp = requests.get(url, verify=cabundlefile, headers=headers)
 except requests.exceptions.Timeout:
 self.log.exception('Consul request to {0} timed out'.format(url))
diff --git a/consul/ci/consul.rake b/consul/ci/consul.rake
index e35a1fbbbd45f..799cf7e188f8f 100644
--- a/consul/ci/consul.rake
+++ b/consul/ci/consul.rake
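Review bot: `acl_token = instance.get('acl_token', None)` is read from the instance only, while `client_cert_file`, `private_key_file` and `ca_bundle_file` three lines above all fall back to `self.init_config`; a token is usually shared by every instance of a check, so `acl_token = instance.get('acl_token', self.init_config.get('acl_token'))` would keep the lookup consistent (the explicit `None` default is also redundant). The header assignment deserves a why-comment, e.g. `# Consul authenticates by the X-Consul-Token header; the token is a secret, so keep it out of the log lines below (they only log url)`. Since all three `requests.get` calls now carry the same `headers=headers` argument, computing `cert` once and issuing a single `requests.get(url, cert=cert, verify=cabundlefile, headers=headers)` would remove the triplicated call, though that touches pre-existing lines. consul_request starts and ends outside the hunk.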
@@ -22,8 +22,10 @@ namespace :ci do
 task :install do
 Rake::Task['ci:common:install'].invoke('consul')
 # sample docker usage
- sh %( docker run -d --expose 8301 --expose 8500 -p 8500:8500 --name #{container_name_1} \
+ sh %( docker create --expose 8301 --expose 8500 -p 8500:8500 --name #{container_name_1} \
 consul:#{consul_version} agent -dev -bind=0.0.0.0 -client=0.0.0.0 )
+ sh %( docker cp #{__dir__}/server.json #{container_name_1}:/consul/config/server.json )
+ sh %( docker start #{container_name_1} )
 Wait.for 8500
 wait_on_docker_logs(container_name_1, 30, 'agent: Node info in sync', "agent: Synced service 'consul'")
diff --git a/consul/ci/server.json b/consul/ci/server.json
new file mode 100644
index 0000000000000..1f746aed09a82
--- /dev/null
+++ b/consul/ci/server.json
@@ -0,0 +1,5 @@
+{
+ "acl_datacenter": "dc1",
+ "acl_default_policy": "deny",
+ "acl_master_token": "token"
+}
diff --git a/consul/conf.yaml.example b/consul/conf.yaml.example
index 9a752e0de8ad9..5042657670459 100644
--- a/consul/conf.yaml.example
+++ b/consul/conf.yaml.example
@@ -20,6 +20,9 @@ instances:
 # Possible values: True, False or '/path/to/your/trusted_ca_bundle_file'
 # ca_bundle_file: '/path/to/trusted_ca_bundle_file'
+ # ACL token to use for authentication
+ # acl_token: 'token'
+
 # Whether to perform checks against the Consul service Catalog
 catalog_checks: yes
diff --git a/consul/test_consul.py b/consul/test_consul.py
index 7b7dacbb4f79e..283c017fbe5ce 100644
--- a/consul/test_consul.py
+++ b/consul/test_consul.py
@@ -6,6 +6,7 @@
 # 3p
 from nose.plugins.attrib import attr
+from requests import HTTPError
 from tests.checks.common import AgentCheckTest, load_check
 from utils.containers import hash_mutable
@@ -703,7 +704,8 @@ def simple_integration_test(self):
 'network_latency_checks': True,
 'new_leader_checks': True,
 'catalog_checks': True,
- 'self_leader_check': True
+ 'self_leader_check': True,
+ 'acl_token': 'token'
 }]
 }
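Review bot: The new example line `# acl_token: 'token'` in conf.yaml.example uses the same literal as the CI master token in consul/ci/server.json, so it reads like a real value rather than a placeholder; `# acl_token: '<acl_token>'` makes that clearer. The comment above it could also say where the value goes and that it is a secret, e.g. `# ACL token sent as the X-Consul-Token header on every request; treat this file as sensitive once it is set`. As check.py reads the token per instance only, the comment should also say that, unlike ca_bundle_file, it cannot be set under init_config, or the lookup should be made consistent.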
@@ -720,3 +722,28 @@ def simple_integration_test(self):
 self.assertServiceCheck('consul.up')
 self.coverage_report()
+
+ def test_acl_forbidden(self):
+ """
+ Testing Consul Integration
+ """
+
+ config = {
+ "instances": [{
+ 'url': 'http://localhost:8500',
+ 'catalog_checks': True,
+ 'network_latency_checks': True,
+ 'new_leader_checks': True,
+ 'catalog_checks': True,
+ 'self_leader_check': True,
+ 'acl_token': 'wrong_token'
+ }]
+ }
+ got_error_403 = False
+ try:
+ self.run_check(config)
+ except HTTPError as e:
+ if e.response.status_code == 403:
+ got_error_403 = True
+
+ self.assertTrue(got_error_403)
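Review bot: The `config` dict literal in test_acl_forbidden lists `'catalog_checks': True` twice, so the first entry is dead and linters flag the duplicate key; drop one. The try/except/flag pattern can be replaced by the unittest idiom `with self.assertRaises(HTTPError) as cm: self.run_check(config)` followed by `self.assertEqual(cm.exception.response.status_code, 403)`, which gives a clearer failure message when no error is raised or the status differs. The docstring is copied from the test above and does not describe this test; `"""A wrong ACL token must make the check raise HTTPError with status 403."""` states what is actually asserted.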