diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini
index 3a2324f6e4..883f36dfc9 100644
--- a/etc/heat/api-paste.ini
+++ b/etc/heat/api-paste.ini
@@ -1,7 +1,7 @@
 
 # heat-api pipeline
 [pipeline:heat-api]
-pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsgi versionnegotiation osprofiler apiv1app
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authtoken context osprofiler apiv1app
 
 # heat-api pipeline for standalone heat
 # ie. uses alternative auth backend that authenticates users against keystone
@@ -12,7 +12,7 @@ pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsg
 #   flavor = standalone
 #
 [pipeline:heat-api-standalone]
-pipeline = cors request_id faultwrap authurl authpassword context http_proxy_to_wsgi versionnegotiation apiv1app
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
 
 # heat-api pipeline for custom cloud backends
 # i.e. in heat.conf:
@@ -31,12 +31,12 @@ pipeline = cors request_id faultwrap noauth context http_proxy_to_wsgi versionne
 
 # heat-api-cfn pipeline
 [pipeline:heat-api-cfn]
-pipeline = cors request_id ec2authtoken authtoken context http_proxy_to_wsgi cfnversionnegotiation osprofiler apicfnv1app
+pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken authtoken context osprofiler apicfnv1app
 
 # heat-api-cfn pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
 [pipeline:heat-api-cfn-standalone]
-pipeline = cors request_id ec2authtoken context http_proxy_to_wsgi cfnversionnegotiation apicfnv1app
+pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
 
 [app:apiv1app]
 paste.app_factory = heat.common.wsgi:app_factory