diff --git a/src/core_api.cpp b/src/core_api.cpp
index ef7c9c1d..8148132a 100644
--- a/src/core_api.cpp
+++ b/src/core_api.cpp
@@ -68,6 +68,16 @@ void get_collections_for_auth(std::map<std::string, std::string> &req_params, co
                 }
             }
         }
+    } else if(rpath.handler == post_create_collection) {
+        nlohmann::json obj = nlohmann::json::parse(body, nullptr, false);
+
+        if(obj == nlohmann::json::value_t::discarded) {
+            LOG(ERROR) << "Create collection request body is malformed.";
+        }
+
+        if(obj != nlohmann::json::value_t::discarded && obj.count("name") != 0 && obj["name"].is_string()) {
+            collections.emplace_back(obj["name"].get<std::string>());
+        }
     }
 
     if(collections.empty()) {
diff --git a/test/auth_manager_test.cpp b/test/auth_manager_test.cpp
index 7fc033f7..bf94b95f 100644
--- a/test/auth_manager_test.cpp
+++ b/test/auth_manager_test.cpp
@@ -223,6 +223,13 @@ TEST_F(AuthManagerTest, VerifyAuthentication) {
     ASSERT_TRUE(auth_manager.authenticate(wildcard_action_coll_key.value, "collections:create", {"collection1"}, sparams));
     ASSERT_TRUE(auth_manager.authenticate(wildcard_action_coll_key.value, "collections:delete", {"collection1", "collection2"}, sparams));
     ASSERT_FALSE(auth_manager.authenticate(wildcard_action_coll_key.value, "documents:create", {"collection1"}, sparams));
+
+    // create action on a specific collection
+    api_key_t create_action_coll_key = api_key_t("abcd11", "create action+coll key", {"collections:create"}, {"collection1"}, FUTURE_TS);
+    auth_manager.create_key(create_action_coll_key);
+
+    ASSERT_TRUE(auth_manager.authenticate(create_action_coll_key.value, "collections:create", {"collection1"}, sparams));
+    ASSERT_FALSE(auth_manager.authenticate(create_action_coll_key.value, "collections:create", {"collection2"}, sparams));
 }
 
 TEST_F(AuthManagerTest, HandleAuthentication) {