After upgrading to 509 from 496, my service accounts that use the api token stopped working all the time, giving 500 errors about 1/2 the time. I tracked it down to the AD plugin complaining that the user couldn't bind correctly (which is correct as it was passing the api token).

Switching from the AD plugin to straight LDAP fixed the issue. My best guess would be that the filters that handle the plugin and the apitoken are getting fired at different times. I stopped looking at it though once moving to LDAP solved the issue.

thanks!